popservice.exe

PopService

Installmatic, LLC

This is part of the Installmatic installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application popservice.exe by Installmatic has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Installmatic Setup installer. It runs as a separate (within the context of its own process) windows Service named “PopDeals Service Watcher”.
Publisher:
Installmatic, LLC  (signed and verified)

Product:
PopService

Version:
1.0.3.0

MD5:
be99108c0442a152390ca0134e36d0f9

SHA-1:
668e9cd90002dcbb80e8360b55c1a6fecf3e7e24

SHA-256:
5bcfbe77f95a3401012d7b22c262aa7d17e4ee783935faae27933033b943d646

Scanner detections:
24 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/8/2024 4:43:39 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.POV
520

Avira AntiVirus
ADWARE/PopDeals.83008
8.3.2.2

avast!
MSIL:Adware-O [Adw]
2014.9-150902

AVG
DealApp
2016.0.2998

Baidu Antivirus
Adware.MSIL.Popdeals
4.0.3.1592

Bitdefender
Adware.Agent.POV
1.0.20.1225

Bkav FE
W32.HfsAdware
1.3.0.6979

Comodo Security
TrojWare.Win32.Fsysna.CLJ
21945

Dr.Web
Adware.Shopper.979
9.0.1.0245

Emsisoft Anti-Malware
Adware.Agent.POV
8.15.09.02.04

ESET NOD32
MSIL/Adware.Popdeals (variant)
9.12184

Fortinet FortiGate
Adware/Popdeals
9/2/2015

F-Secure
Adware.Agent.POV
11.2015-02-09_4

G Data
Adware.Agent.POV
15.9.25

IKARUS anti.virus
AdWare.MSIL.Popdeals
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.205.16420

Malwarebytes
PUP.Optional.PopDeals
v2015.09.02.04

McAfee
Artemis!6614E44A983E
5600.6654

MicroWorld eScan
Adware.Agent.POV
16.0.0.735

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installmatic (M)
15.9.2.16

Sophos
Virus 'Mal/MSIL-LL'
5.14

Trend Micro House Call
Suspicious_GEN.F47V0608
7.2.245

VIPRE Antivirus
MSIL.Adware.Popdeals
41614

File size:
81.1 KB (83,008 bytes)

Product version:
1.0.3.0

Copyright:
Copyright © 2015

Original file name:
popservice4.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Installmatic Setup

Language:
Language Neutral

Common path:
C:\Program Files\popservice\popservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2015 9:00:00 PM

Valid to:
7/22/2016 8:59:59 PM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2D13291AEE51B2226F83396FCD33C1F1

File PE Metadata
Compilation timestamp:
8/24/2015 12:18:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:U5Qtl/I0JVpO9H19GeoXX9nj19C8LVyhcB/S2lUtUriI:UufQ0/pO9HjoXX9nj148LVyhclbd

Entry address:
0x13F1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
72 KB (73,728 bytes)

Service
Display name:
PopDeals Service Watcher

Service name:
PopService

Description:
Watchdog service for PopDeals

Type:
Win32OwnProcess


Remove popservice.exe - Powered by Reason Core Security