picpick_inst.exe

Wiziple software

The application picpick_inst.exe by Wiziple software has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup.
Publisher:
Wiziple software  (signed and verified)

MD5:
72c9bc1aa5b9d0f6e8f93b2f2c2e2204

SHA-1:
6bb9607981a072fdc1ffd006fe3364284c7c0ebc

SHA-256:
e1815075ff3dade15e113f1893fe2f84fa31f3e52310039528d3e67026578866

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/23/2024 10:39:55 PM UTC

Scan engine          Detection                          Engine version
ESET NOD32           Win32/InstallMonetizer.AN          9.10752
Reason Heuristics    PUP.InstallMonetizer.Bundle (M)    16.3.10.15

File size:
10 MB (10,487,032 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\picpick_inst.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/1/2012 1:00:00 AM

Valid to:
6/2/2014 12:59:59 AM

Subject:
CN=Wiziple software, OU=Dev Team, O=Wiziple software, L=Jungnang-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
20C0DB1FF9E34B041EEC3E45D599B283

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:g7s0g5Im3dBG5++UrBbvEkRby9ylyC59uH9U1oNu1O+9+1s+hvWUpk97Wu4taKC4:g7s0gBO++UOk49yoC59udbY1/Us+IUm0

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9847

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
