softonicdownloader_for_pencil.exe

The application softonicdownloader_for_pencil.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from pencil.en.softonic.com.
MD5:
b83c05a005e7521b84eb92801dab69a2

SHA-1:
67d4d2c1c6213b295cf0b182d7c2fbbcc73607fe

SHA-256:
61745ddd8ec7684069ea951064b88f49cb8519aa80ba9ef0cb2b9682d6221cef

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 4:42:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softonic.Bundler (L)

Engine version:
16.7.19.12

File size:
353.3 KB (361,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\softonicdownloader_for_pencil.exe

File PE Metadata
Compilation timestamp:
9/15/2014 8:39:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:uYs0/vghYySTIM7fjcIUtZzZOKcztPQfl9hx5siDv0iF86oSNaGLK0ZJGY:5/IhYp0M7gXrOHiz3X0k86oSNC8N

Entry address:
0xF7270

Entry point:
7F, 2F, B8, 7F, 2F, B8, 7F, 2F, F5, A9, 3F, F8, C3, 79, D7, 94, 37, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, A4, 74, 30, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D8, 9F, 4F, F7, BA, 66, ED, A4, 3D, DA, 97, 38, C3, 87, 32, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, C3, 87, 32, D3, 91, 36, E6, 9F, 3B, F5, A9, 3F, F8, C3, 79, CB, 8C, 34, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, B8, 7F, 2F, A4, 74, 30...
 

Entropy:
7.9594  (probably packed)

Code size:
316 KB (323,584 bytes)

The file softonicdownloader_for_pencil.exe has been seen being distributed by the following URL.
