home

pureleadssetupx21701.exe

Sendori, LLC

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application pureleadssetupx21701.exe by Sendori has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
PureLeads  (signed by Sendori, LLC)

Product:
PureLeads

Version:
2.0.18.0

MD5:
0c89dbcfc52de8105ebced1c62289074

SHA-1:
52f1a2bab9da6ad3604cd203e6d9c3b56c4978a8

SHA-256:
c5e4f3cc3c9c29c38caa8496b3f751bd8f02da9ce69006840cdabaa077180437

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/23/2024 9:49:18 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Sendori.E
947

Agnitum Outpost
PUA.Sendori
7.1.1

Avira AntiVirus
Adware/Sendori.E.87
7.11.158.30

avast!
Win32:Adware-gen [Adw]
2014.9-140703

AVG
Generic5
2015.0.3425

Bitdefender
Adware.Sendori.E
1.0.20.920

Comodo Security
ApplicUnwnt
18744

Dr.Web
Adware.Plugin.222
9.0.1.0184

Emsisoft Anti-Malware
Adware.Sendori
8.14.07.03.01

ESET NOD32
Win32/AdWare.Sendori (variant)
8.10034

Fortinet FortiGate
Riskware/Sendori
7/3/2014

F-Secure
Adware.Sendori.E
11.2014-03-07_5

G Data
Adware.Sendori
14.7.24

IKARUS anti.virus
AdWare.Sendori
t3scan.1.6.1.0

McAfee
Artemis!0C89DBCFC52D
5600.7081

MicroWorld eScan
Adware.Sendori.E
15.0.0.552

nProtect
Adware.Sendori.E
14.07.02.01

Qihoo 360 Security
Win32/Virus.Adware.fb0
1.0.0.1015

Reason Heuristics
Adware.Sendori.PureLeads (M)
16.3.17.14

Sophos
Generic PUA KB
4.98

Trend Micro House Call
Suspicious_GEN.F47V0630
7.2.184

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
30890

File size:
3.5 MB (3,694,016 bytes)

Copyright:
© PureLeads All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\opencandy\8e55d5a3c13b4240b5bd6c782a80bf06\pureleadssetupx21701.exe

Digital Signature
Signed by:
Sendori, LLC

Authority:
VeriSign, Inc.

Valid from:
12/9/2013 6:00:00 PM

Valid to:
12/10/2014 5:59:59 PM

Subject:
CN="Sendori, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sendori, LLC", L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
310642A25A6D9FB4A7E88E32D87A345F

File PE Metadata
Compilation timestamp:
12/5/2009 4:53:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:xj+Rn/JyIe2uUVXVUoRYT8/79DhLxfbX7YFD4HVOCaD9Oa:xqRn/YIe2uUMo+T8/79DffDcFDCVA0a

Entry address:
0x355E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 
[+]

Entropy:
7.9950

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

Remove pureleadssetupx21701.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.