picpick_inst.exe

Wiziple software

The application picpick_inst.exe by Wiziple software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Wiziple software  (signed and verified)

MD5:
33ed6e6b44430230cbef4016f3b43b48

SHA-1:
3ed478f847f2e54c5ba7a769b4888d669a42424f

SHA-256:
7b86b07b5f96702ea1f61b788a272f20728a060115b725794b12e398f5102c17

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/23/2024 11:04:57 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/InstallMonetizer.AN | 8.9336
Reason Heuristics | PUP.InstallMonetizer.Bundle (M) | 16.3.10.15

File size:
12.3 MB (12,883,976 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\picpick_inst.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/31/2012 8:00:00 PM

Valid to:
6/1/2014 7:59:59 PM

Subject:
CN=Wiziple software, OU=Dev Team, O=Wiziple software, L=Jungnang-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
20C0DB1FF9E34B041EEC3E45D599B283

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:L7KJ70W2hw00msrV+HHfWRHHnevP4jI4h7TRE33LGd:L7KJKhw0JH+KP4jT7TC36d

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9894

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
