pfinst_1096.exe

PriceFountain

The application pfinst_1096.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It is a setup program used to install the application. The file is typically installed with the program PriceFountain (remove only) by DealPly Technologies Ltd., which is a potentially unwanted software program. The file has been seen being downloaded from cdn.pmdownloadcdn.com.s3.amazonaws.com.
Publisher:
PriceFountain

Product:
PriceFountain

Version:
1.0.9.6

MD5:
a1deb0945ec363c6ab5f1750238b18a5

SHA-1:
002722aea6056d6a9813203c045070935b7ad9fd

SHA-256:
a775ed25a470e0ba8f5b39610587a66cf9af36ba73ff86e1c8854645a12b10ad

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:47:46 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2015090
695

Avira AntiVirus
Adware/DealPly.A.430
7.11.201.216

avast!
Win32:Malware-gen
2014.9-150312

Baidu Antivirus
PUA.Win32.DealPly
4.0.3.15118

Bitdefender
Trojan.GenericKD.2015090
1.0.20.355

Emsisoft Anti-Malware
Trojan.GenericKD.2015090
8.15.03.12.10

ESET NOD32
Win32/DealPly.AC (variant)
9.11026

Fortinet FortiGate
Riskware/DealPly
3/12/2015

F-Secure
Trojan.GenericKD.2015090
11.2015-12-03_5

G Data
Trojan.GenericKD.2015090
15.3.24

K7 AntiVirus
Trojan
13.187.14319

Kaspersky
not-a-virus:AdWare.Win32.DealPly
14.0.0.2623

McAfee
Artemis!A1DEB0945EC3
5600.6882

MicroWorld eScan
Trojan.GenericKD.2015090
16.0.0.213

NANO AntiVirus
Trojan.Win32.DownLoader11.dkhxtx
0.28.6.63850

Norman
Troj_Generic.XOORT
11.20150312

nProtect
Trojan.GenericKD.2015090
14.12.12.01

Qihoo 360 Security
HEUR/QVM41.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.3.12.10

Sophos
Generic PUA NM
4.98

Trend Micro House Call
Suspicious_GEN.F47V0115
7.2.18

VIPRE Antivirus
Trojan.Win32.Generic
35710

File size:
1.6 MB (1,650,176 bytes)

Product version:
1.0.9.6

Copyright:
Copyright © 2015 PriceFountain

Trademarks:
[12345678] [default:default] PriceFountain is a trademark or registered trademark in the U.S. and/or other countries.

Original file name:
pfinst.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pfinst_1096.exe

File PE Metadata
Compilation timestamp:
1/14/2015 12:29:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:8VEXLjqqrSeHJ7Gk/gMcAvneKuFaTUmskBjNbIbdA+cX3jvVGS77Sp:brJ7L/AAvnDu0dsHbq+w3jj77A

Entry address:
0x5991C

Entry point:
E8, AC, FD, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, 68, A4, 98, 46, 00, E8, 05, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 56, 8B, 75, 0C, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 85, F6, 75, 15, E8, 59, 3D, 00, 00, C7, 00, 16, 00, 00, 00, E8, C3, 63, 00, 00, 83, C8, FF, EB, 3B, 39, 45, 10, 74, E6, 56, E8, FF, 21, 00, 00, 59, B9, FF, FF, FF, 7F, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 89, 4D, E4, 3B, C1, 77, 03, 89...
 

Code size:
494 KB (505,856 bytes)

The file pfinst_1096.exe has been discovered within the following program.

PriceFountain (remove only)  by DealPly Technologies Ltd.
Price Fountain (SaveSense) is an adware extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
www.pricefountain.com
76% remove it
 

The file pfinst_1096.exe has been seen being distributed by the following URL.
