PennyBeeW.exe

PennyBee

MY POP SHOP LTD

The application PennyBeeW.exe by MY POP SHOP has been detected as adware by 19 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘PeenyBee’.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
PennyBee

Version:
1.0.3.0

MD5:
ef475f027ffff8ce70ee48f30b37e9aa

SHA-1:
87d19c01f1d28244ea4ebe788a924f658a192bcc

SHA-256:
8225e900b330968877c2900ee192acb0828e2a336ae5647543eef1de030cbaf8

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
12/24/2024 11:56:24 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/PennyBee.A.29 | 8.3.2.2
AVG | Mypopshop | 2016.0.2924
Baidu Antivirus | PUA.MSIL.Linkury | 4.0.3.151116
Bkav FE | W32.HfsAdware | 1.3.0.7237
Comodo Security | ApplicUnwnt | 23370
Dr.Web | Trojan.Revizer.725 | 9.0.1.0320
ESET NOD32 | MSIL/Toolbar.Linkury.H potentially unwanted (variant) | 9.12370
Fortinet FortiGate | Adware/Linkury | 11/16/2015
G Data | Win32.Application.PennyBeeLinkury | 15.11.25
IKARUS anti.virus | PUA.MSIL.Toolbar | t3scan.1.7.8.0
K7 AntiVirus | Trojan | 13.210.17454
Kaspersky | not-a-virus:WebToolbar.MSIL.Agent | 14.0.0.1115
McAfee | Artemis!EF475F027FFF | 5600.6580
Microsoft Security Essentials | Adware:Win32/PennyBeeLinkury | 1.1.12101.0
Panda Antivirus | Trj/CI.A | 15.11.16.01
Reason Heuristics | PUP.Resoft.MYPOPSHOP (M) | 15.11.16.1
SUPERAntiSpyware | Adware.MSIL/Variant | 9505
VIPRE Antivirus | Trojan.Win32.Generic | 44358
Zillya! Antivirus | Adware.Agent.Win32.13045 | 2.0.0.2433

File size:
400.5 KB (410,120 bytes)

Product version:
1.0.3.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/21/2014 7:00:00 PM

Valid to:
7/22/2015 6:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B739C4F756EE55FB750952CE570BE48B

File PE Metadata
Compilation timestamp:
9/7/2014 9:44:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:9XRlRoB+QrS1e6dj7lgdBOkWr4zCoqxt2Ffwc3ZNaAdCpv/H3xC:voB+QrS1bdj7lgF2SOSf73GbphC

Entry address:
0x5BC1E

Entry point:
FF, 25, 2C, BC, 45, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BC, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.9661

Code size:
359.5 KB (368,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PeenyBee

Command:
C:\users\{user}\appdata\local\pennybee\pennybeew.exe
