pivot_v4-2.exe

Pobomasa

Motus Software Ltd

The file pivot_v4-2.exe, “Pobomasa Setup” by Motus Software, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.citysafedl.com and multiple other hosts.
Publisher:
Lohoh (signed by Motus Software Ltd)

Product:
Pobomasa

Description:
Pobomasa Setup

Version:
1.1.5.6

MD5:
af2c662ed4872734fc6f0f96a68897c5

SHA-1:
d814de7ac3acad18ad0695b379e4260d6e733cdf

SHA-256:
3c93ec2ceb8ffbf5d0589d22503dae30fcce7e4f14df87f8d2ac6ce132924220

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 10:23:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.20.3

File size:
1.5 MB (1,589,536 bytes)

Product version:
3.6.8

Copyright:
Installer

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pivot_v4-2.exe.wc2v3ju.partial

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/8/2016 5:48:52 AM

Valid to:
1/8/2017 5:48:52 AM

Subject:
CN=Motus Software Ltd, O=Motus Software Ltd, L=Lewes, S=East Sussex, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B33255C25F08D556D0D742D2C9C32DE3

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file pivot_v4-2.exe has been seen being distributed by the following 17 URLs.

