arcgis_desktop.exe

Pibeha

LAM Proactive And Investments Ltd

The application arcgis_desktop.exe, “Pibeha Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.fungiftsafe.com.
Publisher:
Kat (signed by LAM Proactive And Investments Ltd)

Product:
Pibeha

Description:
Pibeha Setup

MD5:
eb8b22be44fae2bfa6e3dc03413e1fcb

SHA-1:
0c6f1754c8083c787e430cc880f48b8d3e23d6f6

SHA-256:
f5a01fb838233b4278e78c203b5069411ebf803f2906a597598aa805d6f2627e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/24/2024 12:45:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.15.21

File size:
1.1 MB (1,200,912 bytes)

Product version:
1.4.0

Copyright:
Internet Web File

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\arcgis_desktop.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/27/2016 5:32:19 PM

Valid to:
9/28/2017 5:32:19 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
48A70B6CBCEF24E4DCCED5ED

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9725

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file arcgis_desktop.exe has been seen being distributed by the following URL.

http://www.fungiftsafe.com/nSB6Vm2kIfNKoGw30i8UcF4aRPdoEU3W0zTN1kkepkeMpvsZbkkFgk4ui7EPElzjB28GTPf71Lj8lQob1KKQyVd2x7za6_zPQffmM8L9lZx7QtOu9g8siAoUPcBSeLeO2 6mClJc7CroEnoyLHGxlXrPrcFteNTpYwAZHFBfWJqVOR4vUqjTBkRTL OYxTTRV7B6R5WwaQycPvS37glKvG2yyFZDxSL b3_lw2AWA46r 3JBjEiJd4E4ofXSX9PRxBep925xG5f60qTY0PxhRrmwDIjtQoGA3zRyxDPcRED3b9Fla2rweH KeAGW0VgthUCQBQ3Rkn_ZPAx2nTWZja3wk6 B_oXohdl 1w4hO8EpfV9bJMuhJsV2m5LZdL465gVjfEJu3pmidJ2wUmsheI3zRPQ g7Hiu_k3zZSSo30YnYk9wv 3aa0fGekdx3VrzVukkVyr6WVZ5RCHieQuL4q1WrSJsSk5uhJavB5LKSA0mMFTiYb5Yj6FwnBLcWx_LOrohzrxT7Ngn4ExHHbjUx0BqT01LyAxPuvcEPlSqGyURTGq8BeSVKyygiXJod4oKNWiOER1mxDobMZ63e2F0yRgGtNgnA==-G8MAAGRpXUu7KLxUMoCnJ9ACDUhaRdU8Dyxsi894qBtmmKHvlGwGso1n_bTj_Ja0jb8JS5838rnFDQWF1IIjHUw5JgYchxywmdVFaqm0_iT6v718z_9p 2B ahTiy4T694Dey5Gv Rjzyv0IkAE=
