popservice.exe

PopService

Installmatic, LLC

This is part of the Installmatic installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application popservice.exe by Installmatic has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Installmatic Setup installer. It runs in its own process as a separate Windows service named “PopDeals Service Watcher”.
Publisher:
Installmatic, LLC  (signed and verified)

Product:
PopService

Version:
1.0.2.8

MD5:
4a2274c2f811659f01eaf024e00186b9

SHA-1:
a932efb3a4e1d819ee6c95562e1de284077ba9c3

SHA-256:
95aca30df861ed7080d66f8bc160b3c276a14b17d9912ff7b4c9856bbcd64526

Scanner detections:
23 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 1:15:37 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.POV | 577 |
| Avira AntiVirus | ADWARE/PopDeals.38464.2 | 8.3.1.6 |
| avast! | MSIL:Adware-O [Adw] | 2014.9-150707 |
| AVG | DealApp | 2016.0.3055 |
| Baidu Antivirus | Adware.MSIL.Popdeals | 4.0.3.1577 |
| Bitdefender | Adware.Agent.POV | 1.0.20.940 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Comodo Security | ApplicUnwnt | 22595 |
| Dr.Web | Adware.Shopper.930 | 9.0.1.0188 |
| Emsisoft Anti-Malware | Adware.Agent.POV | 8.15.07.07.04 |
| ESET NOD32 | MSIL/Adware.Popdeals (variant) | 9.11852 |
| Fortinet FortiGate | Adware/Popdeals | 7/7/2015 |
| F-Secure | Adware.Agent.POV | 11.2015-07-07_3 |
| G Data | Adware.Agent.POV | 15.7.25 |
| IKARUS anti.virus | AdWare.MSIL.Popdeals | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.204.16185 |
| Malwarebytes | PUP.Optional.PopDeals | v2015.07.07.04 |
| McAfee | Artemis!6614E44A983E | 5600.6711 |
| MicroWorld eScan | Adware.Agent.POV | 16.0.0.564 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installmatic (M) | 15.7.7.16 |
| Sophos | Virus 'Mal/MSIL-LL' | 5.14 |
| Trend Micro House Call | Suspicious_GEN.F47V0608 | 7.2.188 |

File size:
37.6 KB (38,464 bytes)

Product version:
1.0.2.8

Copyright:
Copyright © 2015

Original file name:
popservice4.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Installmatic Setup

Language:
Language Neutral

Common path:
C:\Program Files\popservice\popservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/11/2014 9:00:00 PM

Valid to:
9/12/2015 8:59:59 PM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
574F435B169EC460893AD0187E44D858

File PE Metadata
Compilation timestamp:
4/30/2015 3:17:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:8Mp+hOIn1riQX7GPjtxRZUtDxD4l8sbo0PS77JZZkU8Nuri:8y+hTrJ7GtZCNsl1bLCZZkUxri

Entry address:
0x912E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
28.5 KB (29,184 bytes)

Service
Display name:
PopDeals Service Watcher

Service name:
PopService

Description:
Watchdog service for PopDeals

Type:
Win32OwnProcess

