pricepeep_130001_0101.exe

betwikx

The application pricepeep_130001_0101.exe by betwikx has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.bispd.com.
Publisher:
betwikx  (signed and verified)

MD5:
dce55f9ef42344c20e7d4b858d3712d7

SHA-1:
a2409533ac3e5de01a0610453d2729e83832c843

SHA-256:
8c76fc2b3750c2462c2df2eadbc57c7059a4fc5759b2e594a6d6a829f4e79bb7

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:24:37 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
AdInject.Betwikx
2014.0.3644

Bitdefender
Adware.PricePeep.A
1.0.20.1645

Boost by Reason
Adware.betwikx.V
2013.8.4.12

Dr.Web
Adware.Shopper.297
9.0.1.0216

Emsisoft Anti-Malware
Adware.PricePeep
8.13.11.25.09

G Data
Adware.PricePeep
13.11.22

Malwarebytes
Adware.Agent
v2013.08.04.12

MicroWorld eScan
Adware.PricePeep.A
14.0.0.987

nProtect
Adware.PricePeep.A
13.11.14.01

Reason Heuristics
PUP.betwikx.V
14.3.1.0

SUPERAntiSpyware
Trojan.Agent/Gen-FraudPack
10658

Trend Micro House Call
TROJ_GEN.R0CBH07IJ13
7.2.216

Vba32 AntiVirus
AdWare.JS.PricePeep
3.12.24.3

VIPRE Antivirus
Pinball Corporation
23342

File size:
575.9 KB (589,768 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\pricepeep_130001_0101.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/27/2011 4:00:00 PM

Valid to:
11/26/2013 3:59:59 PM

Subject:
CN=betwikx, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=betwikx, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A0ED371EEFB729EE95DA7D0B644B32B

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wxBSSUbd67asKPdS8wDAGDcs3R4AG/XSX6OOY34KKXDwXIDYa4Cpq:w7SS067asKPcR4fPJOOJKKTwXIkLC8

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9481

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file pricepeep_130001_0101.exe has been seen being distributed by the following URL.

Remove pricepeep_130001_0101.exe - Powered by Reason Core Security