plsapp.exe

plsapp.exe

Sendori, LLC

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application plsapp.exe by Sendori has been detected as adware by 12 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “plsapp”. This file is typically installed with the program PureLeads by Sendori, LLC which is a potentially unwanted software program.
Publisher:
Sendori  (signed by Sendori, LLC)

Product:
plsapp.exe

Version:
2.2.9.1

MD5:
879c7f2b9b82972225f81fd100754ad4

SHA-1:
e513a2337e91c0b81cb6b16a36b21c3137c28090

SHA-256:
c32ca551d1a3cc148059f386986c97f533504c3f03665701a90f857e33bbbecc

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
11/23/2024 9:40:56 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Sendori.E
947

Agnitum Outpost
PUA.Sendori
7.1.1

Avira AntiVirus
Adware/Sendori.E.22
7.11.157.204

Bitdefender
Adware.Sendori.E
1.0.20.920

Emsisoft Anti-Malware
Adware.Sendori
8.14.07.03.02

ESET NOD32
Win32/AdWare.Sendori (variant)
8.10023

F-Secure
Adware.Sendori.E
11.2014-03-07_5

G Data
Adware.Sendori
14.7.24

MicroWorld eScan
Adware.Sendori.E
15.0.0.552

nProtect
Adware.Sendori.E
14.06.30.01

Reason Heuristics
PUP.Service.Sendori.G
14.8.7.19

VIPRE Antivirus
Sendori
30820

File size:
3.7 MB (3,846,944 bytes)

Product version:
2.2.9.1

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pureleads\plsapp.exe

Digital Signature
Signed by:

Subject:
CN="Sendori, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sendori, LLC", L=Oakland, S=California, C=US

Serial number:
310642A25A6D9FB4A7E88E32D87A345F

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:eTPSSsFVesBaBR4d3MEOS5HSWqEoi4tAkAfDa5G16QTAQp/H7ami:kSnzMEOYSWgiIAkAbaKbaP

Entry point:
E8, F9, 2F, 01, 00, E9, 78, FE, FF, FF, 6A, 10, 68, 88, D2, 77, 00, E8, C1, 12, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, A3, CF, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, 5A, D0, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, A0, 9A, 79, 00, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 19, 60, 00, 00, 59, 89, 7D, FC, 53, E8, 3D, 61, 00, 00, 59, 89, 45, E0, 3B, C7, 0F, 84, 9E, 00, 00, 00, 3B, 35, C8, 9A, 79, 00, 77, 49, 56, 53...
 
[+]

Entropy:
5.8898

Service
Display name:
plsapp

Description:
Sets and maintains plsapp LSP protection on this computer.

Type:
Win32OwnProcess

Depends on:
RPCSS


The file plsapp.exe has been discovered within the following program.

PureLeads  by Sendori, LLC
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
pureleads.com
72% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-61-192-194.deploy.static.akamaitechnologies.com  (23.61.192.194:80)

TCP (HTTP):
Connects to server-54-192-36-242.jfk1.r.cloudfront.net  (54.192.36.242:80)

TCP (HTTP SSL):
Connects to qh-in-f188.1e100.net  (74.125.22.188:443)

TCP:
Connects to pe-in-f188.1e100.net  (74.125.20.188:5228)

TCP (HTTP SSL):
Connects to channel-proxy-shv-13-prn1.facebook.com  (69.171.235.19:443)

TCP (HTTP):
Connects to a184-50-238-218.deploy.static.akamaitechnologies.com  (184.50.238.218:80)

Remove plsapp.exe - Powered by Reason Core Security