home

pricepeep_50001_1001.exe

betwikx

The application pricepeep_50001_1001.exe by betwikx has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from installs.peepsrv.com.
Publisher:
betwikx  (signed and verified)

MD5:
6698f7e4fd694d2111e58f5ecd56de94

SHA-1:
83bc6e27c01380d421f9c3867aeb9a660345296c

SHA-256:
6f55ca703423f4e9b455261269eaf4077ad5a8e9e62c6c33f9a077a39b60757a

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 3:54:05 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Application.Win32.AdWare.PricePeep.A
17754

Dr.Web
Adware.Shopper.297
9.0.1.040

IKARUS anti.virus
not-a-virus:AdWare.JS.PricePeep
t3scan.2.2.29

Kaspersky
not-a-virus:AdWare.JS.PricePeep
14.0.0.4337

Malwarebytes
PUP.Optional.PricePeep.A
v2014.02.09.01

Reason Heuristics
PUP.betwikx.U
14.2.9.13

Trend Micro House Call
TROJ_GEN.F47V0206
7.2.40

VIPRE Antivirus
Pinball Corporation
26270

File size:
559.4 KB (572,816 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pricepeep_50001_1001.exe

Digital Signature
Signed by:
betwikx

Authority:
VeriSign, Inc.

Valid from:
10/17/2013 2:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=betwikx, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=betwikx, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7C2D7B2CD0E4304F2FDED654D7916B93

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:4xB7sNILg7zMFluEMMMQTqOY9NNI1lelKKHku0achxoWWlPZ6bbFKt:477xg7zMFQQMr6MIxVbbm

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file pricepeep_50001_1001.exe has been seen being distributed by the following URL.

http://installs.peepsrv.com/pricepeep_50001_1001.exe

Remove pricepeep_50001_1001.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.