bundle_flowsurfcb.exe

Piitsburg Peanguins Project

STK Develop, TOV

The application bundle_flowsurfcb.exe, “Piitsburg Peanguins Inc” by STK Develop, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.power-ful.xyz.
Publisher:
Piitsburg Peanguins  (signed by STK Develop, TOV)

Product:
Piitsburg Peanguins Project

Description:
Piitsburg Peanguins Inc

Version:
1.3.0.12

MD5:
5994067e0fcffe508aadf1c69635ef9f

SHA-1:
018e15317b0ddc754ddfdc88be2eb5b4198e262d

SHA-256:
4c92af306e816c2a7dc154d4834eacb254a31c28c43339808b5762b1b225b37e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 7:02:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize.STKDevel (M)
16.6.15.0

File size:
401.5 KB (411,128 bytes)

Product version:
1.3.0.12

Original file name:
pittsburg.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\setup wizard\c2145426-6fee-4841-bb22-ffa6c787eb44\bundle_flowsurfcb.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/18/2016 2:00:00 AM

Valid to:
4/19/2017 1:59:59 AM

Subject:
CN="STK Develop, TOV", OU=IT, O="STK Develop, TOV", STREET="Klovsky Uzviz, 9/2", L=Kiev, S=Kiev, PostalCode=01021, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
678E83B88501A7494453C43B9AB0ED0B

File PE Metadata
Compilation timestamp:
5/1/2016 10:09:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:xwUEDK/+hn+7VqiZ9gaGwHorM0ZhsO2P71l4INh:x6DdCgLhk1l4INh

Entry address:
0x24C7

Entry point:
E8, 57, 26, 00, 00, E9, 52, FE, FF, FF, 55, 8B, EC, FF, 15, 28, 00, 3A, 00, 6A, 01, A3, 6C, 87, 3A, 00, E8, 38, 2B, 00, 00, FF, 75, 08, E8, CD, 2A, 00, 00, 83, 3D, 6C, 87, 3A, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 1E, 2B, 00, 00, 59, 68, 09, 04, 00, C0, E8, 89, 2A, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, AF, 79, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 50, 85, 3A, 00, 89, 0D, 4C, 85, 3A, 00, 89, 15, 48, 85, 3A, 00, 89, 1D, 44, 85, 3A, 00, 89, 35, 40, 85, 3A, 00, 89, 3D, 3C...
 
[+]

Code size:
60.5 KB (61,952 bytes)

The file bundle_flowsurfcb.exe has been seen being distributed by the following URL.

Remove bundle_flowsurfcb.exe - Powered by Reason Core Security