» pms-setup-windows-1.82.0.exe
Overview
Analysis
File Details
Programs (1)
Downloads (4)

pms-setup-windows-1.82.0.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from storage.googleapis.com and multiple other hosts.

File name:

MD5:

3dee47b8005bbe6e5b07e62fa074a770

SHA-1:

c164a05ff3ff77ccf2121720088dc6f8c51e959e

SHA-256:

2df02d0b912c6a0aa17988ac5ffb3f19c7d990b45a0c7299a41f5e7ed10af3f0

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/23/2024 2:40:58 PM UTC (today)

Scan engine

Detection

Engine version

ViRobot

Backdoor.Win32.A.Ceckno.35265091

2011.4.7.4223

File size:

33.6 MB (35,265,091 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\pms-setup-windows-1.82.0.exe

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:3rzKZeQ0K+wsLRb0bCXNRU919YTaPDsCpmByhB+kybjToRrdyf:3reJ0K+JRyYTgsCpmByhB+kS6Ryf

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file pms-setup-windows-1.82.0.exe has been discovered within the following programs.

PS3 Media Server by PS3 Media Server

Publisher's description - “PS3 Media Server is a DLNA compliant Upnp Media Server for the PS3, written in Java, with the purpose of streaming or transcoding any kind of media files, with minimum configuration. It's backed up with the powerful Mplayer/FFmpeg packages.”

www.ps3mediaserver.org

About 7% of users remove it

The file pms-setup-windows-1.82.0.exe has been seen being distributed by the following 4 URLs.

https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/.../pms-setup-windows-1.82.0.exe

http://dc363.4shared.com/download/.../pms-setup-windows-1820.exe

http://dc367.4shared.com/download/.../pms-setup-windows-1820.exe

https://ps3mediaserver.googlecode.com/.../pms-setup-windows-1.82.0.exe

Scan pms-setup-windows-1.82.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.