pluginstall.exe

Applon

The application pluginstall.exe by Applon has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Applon (signed and verified)

MD5:
6e14b2fedc4252175ab344f4d5ef291d

SHA-1:
ce56ff66611b4ad57c46676aa0859583735c0d11

SHA-256:
cfa8cd4d2044c4ea36369137b49e08210a6fae8607df65f4e0daf4fc86dc9572

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 8:06:51 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.10.2

File size:
2.7 MB (2,796,896 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\{random}.tmp\pluginstall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/11/2013 1:00:00 AM

Valid to:
8/12/2014 12:59:59 AM

Subject:
CN=Applon, O=Applon, STREET=44 Primrose Crescent, L=SUNDERLAND, S=Tyne and Wear, PostalCode=SR6 9RJ, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
61D4C21BAC72FFC01DD91677B59DA3E6

File PE Metadata
Compilation timestamp:
8/31/2013 12:31:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:XuHv2yE60LcUhUlK25oBG+6lPzIlBgOXjwD0wfL/+pNRR3yIKAWTVNRDP4k76OO:IuF1WlP+6l0la7Z/4RRiaIEC3O

Entry address:
0x11BFBB

Entry point:
E9, 20, BA, 1A, 00, E9, 6B, 0C, 01, 00, E9, C6, 73, 1A, 00, E9, 11, 7D, 18, 00, E9, 0C, D6, 1B, 00, E9, 87, 76, 18, 00, E9, 02, EA, 04, 00, E9, FD, F2, 02, 00, E9, 78, 61, 01, 00, E9, 13, 8F, 1D, 00, E9, 8E, 9F, 0A, 00, E9, 39, 49, 1D, 00, E9, F4, 97, 1A, 00, E9, CF, 83, 09, 00, E9, 5A, B1, 04, 00, E9, 05, 64, 1A, 00, E9, 50, 28, 17, 00, E9, EB, 17, 22, 00, E9, D6, 61, 1C, 00, E9, 01, 55, 0B, 00, E9, BC, 87, 02, 00, E9, 93, C8, 21, 00, E9, 62, 35, 20, 00, E9, 7D, FB, 19, 00, E9, 48, 4A, 18, 00, E9, C3, B9...
Entropy:
5.6873

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
2.2 MB (2,353,152 bytes)
