pastaleadssetup.exe

One Call Ltd

The application pastaleadssetup.exe by One Call has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.apptilio.com and multiple other hosts.
Publisher:
PastaLeads  (signed by One Call Ltd)

Product:
pastaleads

Description:
PastaQuotes

Version:
1.1.0.1

MD5:
e25d78f7dae2032b3a58c62ef12d9118

SHA-1:
fc34c9c0b0eca51a3baa461ae3cd3af0f0d99350

SHA-256:
efd638bbf8dad6113aec909c330d86ddbbbca412c1fbdfb7f3cd6bf5b8ceaed3

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 12:48:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.OneCall.P
14.5.17.14

File size:
1.1 MB (1,133,800 bytes)

Copyright:
Onecall LTD © 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pastaleadssetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/30/2013 7:00:00 PM

Valid to:
12/31/2014 6:59:59 PM

Subject:
CN=One Call Ltd, O=One Call Ltd, STREET=Zarhin 10, L=Raanana, S=IL, PostalCode=12345, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3319A851B8E5EE29CCF776BCF148B091

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:GKT3EXXo68GNhtfa6w/oHyYvQsSe2WmlLOz55cncC1c2cBMEY76N:GKT3En58qtfwkyY4ZRWbXIU476N

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
6.7640

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pastaleadssetup.exe has been seen being distributed by the following 2 URLs.

Remove pastaleadssetup.exe - Powered by Reason Core Security