popcom4.exe

Installmatic, LLC

This is part of the Installmatic installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file popcom4.exe by Installmatic has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Installmatic Setup installer. This file is typically installed with the program PopCom. While running, it connects to the Internet address vip0x054.map2.ssl.hwcdn.net on port 443.
Publisher:
PopCom  (signed by Installmatic, LLC)

Product:
PopCom

Version:
1.0.3.0

MD5:
d30157989ed033b7f7ec7849c15c3247

SHA-1:
faa89be2d691f24365f5bba7d9d2e06ffcff48db

SHA-256:
a38fdec44ddbe7980238938ab75d5ebbd1568e77358d30a59629b68eba7b0838

Scanner detections:
6 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 12:53:57 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/PopDeals.A.217 | 8.3.2.2
Bkav FE | W32.HfsAdware | 1.3.0.7133
Dr.Web | Adware.Shopper.979 | 9.0.1.0252
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installmatic.PopCom (M) | 15.9.9.14
Sophos | Mal/MSIL-LL | 4.98

File size:
479.6 KB (491,072 bytes)

Product version:
1.0.3.0

Copyright:
Copyright © 2015

Original file name:
popcom4.exe

Bundler/Installer:
Installmatic Setup

Common path:
C:\windows\temp\tmpc685.tmp

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/23/2015 1:00:00 AM

Valid to:
7/23/2016 12:59:59 AM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D13291AEE51B2226F83396FCD33C1F1

File PE Metadata
Compilation timestamp:
8/20/2015 11:11:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:pjkoo1qCw2lqYvOXwGYuHpmEg54g/RUhG3RTQjGtnS81e:pjrNCfqlgGNJmEC/2hP

Entry address:
0x7E00A

Entry point:
FF, 25, 00, E0, 47, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
83 KB (84,992 bytes)

The file popcom4.exe has been discovered within the following program.

PopCom  by PopCom
About 4% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

