painttool-sai.exe

Cokonac

Setup Manager LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application painttool-sai.exe, “Cokonac Setup ” by Setup Manager has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from www.signfactorymega.com.
Publisher:
Bef   (signed by Setup Manager LLC)

Product:
Cokonac

Description:
Cokonac Setup

MD5:
065a1e4c0fa5c030554c95d6035acba0

SHA-1:
5092f2d80b0ed761d8979b77d1e89acd3c10bf4f

SHA-256:
9bd53c36985228df80d0b48d68977b554e1aa24f4876e7f1b7ff50b3585b5487

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/5/2024 3:38:35 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Softpulse.SetupMan.Bundler (M)
16.7.14.1

File size:
946.3 KB (969,048 bytes)

Product version:
2.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\painttool-sai.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/16/2015 7:00:00 PM

Valid to:
1/15/2017 6:59:59 PM

Subject:
CN=Setup Manager LLC, O=Setup Manager LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5B54F9A49482444F2A26324DAC8E187D

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:W7PlaKuc2gFnN2M8ZZyyA4ft3o3yYx6Yh634iy66xfT4HEq:W7NXu/gleZ+4ft3rmj/nxfTF

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9317

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file painttool-sai.exe has been seen being distributed by the following URL.

Remove painttool-sai.exe - Powered by Reason Core Security