lg_pc_suite.exe

Pibeha

LAM Proactive And Investments Ltd

The application lg_pc_suite.exe, “Pibeha Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.centerbodyquick.com.
Publisher:
Kat (signed by LAM Proactive And Investments Ltd)

Product:
Pibeha

Description:
Pibeha Setup

MD5:
e496d0794e693abfa12fa5e5d3688850

SHA-1:
c3d2bc06c606e9db8386fabe78eda8285b483fcf

SHA-256:
71efa5b1059ecfb0f3c8ad00bf634700add7d91e476704ade38757bc684c01a5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 2:38:55 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.2

File size:
1.1 MB (1,200,912 bytes)

Product version:
1.4.0

Copyright:
Internet Web File

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\lg_pc_suite.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/27/2016 1:32:19 PM

Valid to:
9/28/2017 1:32:19 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
48A70B6CBCEF24E4DCCED5ED

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9725

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file lg_pc_suite.exe has been seen being distributed from the following URL:

http://www.centerbodyquick.com/fDay6aGsZDN0w31OJfIFEfI0KpO7zXogzZxapYXCdXMh8Hll1hRkhPg9wTuQBXvV adcImr_bRlKeYFWm7nA1_vXKIbFtuLyzvAddIgr_rg5ynT5EpXrvlCQHPr5A1Sri1KjsWYBDpjZ0B97LTMWpMux3V3VwJfkxkcN9GVHnQD4MlcH_D5aXe_R3uMD eAi55AFDRoNEbjsxLb4hwpCPG3XaOvxpY g7X8FouG7bH0KvuW0Kla5tZiplkuPYU4342YS2bNMdQykS5J4KbKm1xhmjnrm4FfWFiKpksMZWrIDD9e4 E7_kelGLY3j1IhPJym4iOZHkJsgrYpQaxlVupoKMEBn1_mqUY0TaDiauSFJkrXQ4V0TZNKC2sT9YObWSRJtkwGCuz1l8hiKEmUOedqDc1JonlML1Juo5Um51 20zqzxTg8yPwU1SC Yntt56GlX2VXXFWtna9 RhT3rm38xGia9s2n0R4z8anHk_0u3Od9vOLzPHzRgLsLEFjZY60CFYbCyrXVMzbu3BhfBWQMTYdlOZK3J5qJ_zDDwfJXinjyj6qdhQGKHWGwfoZZ57u92GEqu-G3QAAES3 X2ddlzSdY4QMSErKp1y4NDKAsoDOcjxzAfdWHioFxzCsRnkNh7TcASxLQ2lvuuHfMwn968tf DtvKLstxfhmiAZTDRiGl9WF syBg==
