pm.exe

Price Fountain

PriceFountain

The application pm.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It is a setup program used to install the application. The file is typically installed with the program PriceFountain (remove only) by DealPly Technologies Ltd., which is a potentially unwanted software program. The file has been seen being downloaded from cdn.pmdownloadcdn.com.s3.amazonaws.com and multiple other hosts.

Publisher: PriceFountain
Product: Price Fountain
Version: 1.1.0.5
MD5: 12788d729eb61f8f06802c74c091162a
SHA-1: 17cf856b748267b5e1efff5997961a1449b8bba2
SHA-256: 948fb4dbc79be92143f35ac3a5b3e26a06ee6774230b436b77a763cfef995305
Scanner detections: 19 / 68
Status: Potentially unwanted
Analysis date: 12/24/2024 1:59:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2015090 | 695 |
| Avira AntiVirus | Adware/DealPly.1171968 | 7.11.206.210 |
| avast! | Win32:Malware-gen | 2014.9-150312 |
| Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.1524 |
| Bitdefender | Trojan.GenericKD.2015090 | 1.0.20.355 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2015090 | 8.15.03.12.10 |
| ESET NOD32 | Win32/DealPly.AC potentially unwanted (variant) | 9.11118 |
| Fortinet FortiGate | Riskware/DealPly | 3/12/2015 |
| F-Secure | Trojan.GenericKD.2015090 | 11.2015-12-03_5 |
| G Data | Trojan.GenericKD.2015090 | 15.3.24 |
| K7 AntiVirus | Trojan | 13.187.14319 |
| MicroWorld eScan | Trojan.GenericKD.2015090 | 16.0.0.213 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dkhxtx | 0.28.6.63850 |
| Norman | Troj_Generic.XOORT | 11.20150312 |
| nProtect | Trojan.GenericKD.2015090 | 14.12.12.01 |
| Qihoo 360 Security | Win32/Virus.Adware.219 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.12.10 |
| Sophos | Generic PUA JO | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35710 |
File size: 1.1 MB (1,171,968 bytes)
Product version: 1.1.0.5
Copyright: Copyright © 2015 PriceFountain
Trademarks: [12345678] [default:default] PriceFountain is a trademark or registered trademark in the U.S. and/or other countries.
Original file name: pfinst.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\0846756a_stp\pm.exe

File PE Metadata

Compilation timestamp: 2/3/2015 5:02:14 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 24576:RCYh+QU8mGC7GfuWtVR3UIqo2R37XXq/0Kk/3m:j/qlG4Curnq/Dk/W
Entry address: 0x59ADC
Entry point: E8, AC, FD, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, 68, 64, 9A, 46, 00, E8, 05, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 56, 8B, 75, 0C, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 85, F6, 75, 15, E8, 59, 3D, 00, 00, C7, 00, 16, 00, 00, 00, E8, C3, 63, 00, 00, 83, C8, FF, EB, 3B, 39, 45, 10, 74, E6, 56, E8, FF, 21, 00, 00, 59, B9, FF, FF, FF, 7F, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 89, 4D, E4, 3B, C1, 77, 03, 89...
Code size: 494.5 KB (506,368 bytes)

The file pm.exe has been discovered within the following program.

PriceFountain (remove only)  by DealPly Technologies Ltd.
Price Fountain (SaveSense) is an adware extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
www.pricefountain.com
76% remove it

The file pm.exe has been seen being distributed by the following 2 URLs.
