essentialpim.pro.exe

ProfitServis LLC

This is a bundle installer: it bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application essentialpim.pro.exe by ProfitServis has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the ProfitServis Downloader installer. The file has been seen being downloaded from 3zx48sp04fqkqex.darkost.ru.

Publisher:
ProfitServis LLC  (signed and verified)

Version:
1.0.0.0

MD5:
32b4d20258a61c2aca1df44fb9d1b1ae

SHA-1:
5b8b9e0d2a2b750db374914e78f401ae38a8e1e2

SHA-256:
4d0ed370265516a248dada728611324fa8a2a4816b100a8b1f16ed0c0f025bec

Scanner detections:
15 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/15/2025 11:05:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.InstallMonster | 2014.09.05 |
| Avira AntiVirus | TR/Graftor.pqifq | 7.11.170.228 |
| avast! | InstallMonstr-FL [PUP] | 140813-1 |
| AVG | Generic | 2015.0.3361 |
| Dr.Web | Trojan.InstallMonster.940 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallMonstr.FI (variant) | 8.10369 |
| F-Prot | W32/A-b17d8e14 | v6.4.7.1.166 |
| NANO AntiVirus | Trojan.Win32.InstallMonster.debbcl | 0.28.2.61942 |
| Norman | InstallMonstr.S | 11.20140905 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.05.12 |
| Reason Heuristics | PUP.ProfitServis.P | 14.9.26.15 |
| Sophos | Install Monster | 4.98 |
| Vba32 AntiVirus | Signed-Downware.InstallMonstr | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32210 |
| Zillya! Antivirus | Adware.InstallMonster.Win32.11 | 2.0.0.1912 |

File size:
2 MB (2,085,728 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
ProfitServis Downloader

Common path:
C:\users\{user}\downloads\essentialpim.pro.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2014 6:00:00 AM

Valid to:
5/22/2015 5:59:59 AM

Subject:
CN=ProfitServis LLC, O=ProfitServis LLC, L=Village of Kommunar, S="Kharkiv District, Kharkiv Region", C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
259670E42586FCE460513727E39AB7DF

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:davWqXUgVulw/BCVEZH9M6f0zyojCX2uuiVxjVTz2roY:das/+KEH95Wtj2xJn2V

Entry address:
0x6477D0

Entry point:
60, BE, 00, A0, 90, 00, 8D, BE, 00, 70, AF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
1.2 MB (1,302,528 bytes)

The file essentialpim.pro.exe has been seen being distributed by the following URL.
