parkitect pc__14548_il395625.exe

Must have files

Droms

The application parkitect pc__14548_il395625.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.kafiridovishness.site.
Publisher:
Droms

Product:
Must have files

Description:
fast install

Version:
48.47.120.102

MD5:
232f4e2d1405fe4645e3a388551b8e00

SHA-1:
db518391900ef56d653c54771c4de40160ef778b

SHA-256:
eb88af806e0e55bab0f145d0f58e7ed451f1cee0ac8497daf4f6ea67623b746c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 4:36:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.Droms.Installer.Meta (M)

Engine version:
16.5.26.17

File size:
1.1 MB (1,155,584 bytes)

Product version:
48.47.120.102

Copyright:
CL2016

Trademarks:
US CAPS

Original file name:
osetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\parkitect pc__14548_il395625.exe

File PE Metadata
Compilation timestamp:
5/26/2016 6:00:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:eSC4PBSl2DOTcsXttCZgrEJiJVp4bZFUMGj8avU:xFPAXT36ZYf8TUT3v

Entry address:
0x906B

Entry point:
E8, 22, 31, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 6A, 00, FF, 15, 70, C0, 41, 00, C3, FF, 15, 84, C0, 41, 00, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 35, 14, 23, 42, 00, FF, 15, 88, C0, 41, 00, FF, D0, 5D, C2, 04, 00, A1, 10, 23, 42, 00, C3, 8B, FF, 56, FF, 35, 14, 23, 42, 00, FF, 15, 88, C0, 41, 00, 8B...
 

Code size:
108 KB (110,592 bytes)

The file parkitect pc__14548_il395625.exe has been seen being distributed by the following URL.
