pal_install_ar_r109860_a3000.exe

Paltalk Messenger Setup

Paltalk.com

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from downloads.paltalk.com and multiple other hosts.

Publisher:
AVM Software Inc.  (signed by Paltalk.com)

Product:
Paltalk Messenger Setup

Version:
11,4,564,16191

MD5:
34398b35b23891bf8455b1fff7c7fcb6

SHA-1:
77e9a5b35c909c433c326459a6d1874105942a5b

SHA-256:
4f93660869638abc5a4f924c91c3e29d3db49fda6ca54b22dbf3d9ff8d167c29

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 9:25:15 AM UTC

Scan engine:
ESET NOD32

Detection:
Win32/Bundled.Toolbar.Ask (variant)

Engine version:
8.10171

File size:
1.7 MB (1,762,304 bytes)

Product version:
11,4,564,16191

Copyright:
Copyright 1999 - 2014

Original file name:
paltalk_messenger_setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pal_install_ar_r109860_a3000.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/11/2012 12:00:00 AM

Valid to:
5/11/2015 11:59:59 PM

Subject:
CN=Paltalk.com, O=Paltalk.com, STREET=PO Box 7528, STREET=Church Street Station, L=New York, S=NY, PostalCode=10008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
729EE4CEB28A90BBF4B6792577437EE2

File PE Metadata
Compilation timestamp:
9/5/2011 2:16:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:lnkVVf+kI/xhnRNFgJoVeTmyjmbGekk1f/tGwT:lkVx+kOVyJoVdGq/t

Entry address:
0x384F

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 28, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 24, 92, 40, 00, FF, 15, 84, 81, 40, 00, 68, 0C, 92, 40, 00, 68, C0, AD, 46, 00, E8, 18, 27, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 06, 27, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
27.5 KB (28,160 bytes)

The file pal_install_ar_r109860_a3000.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is, in some cases, presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file pal_install_ar_r109860_a3000.exe has been seen being distributed by the following 13 URLs.

http://downloads.paltalk.com/download/.../pal_install_ar_u40635045_a729_r109723_p153.exe

http://downloads.paltalk.com/download/.../pal_install_es_u40627248_a729_r109812_p114.exe
