ptnr_20131120.exe

Adpeak, Inc.

This is the instaler for an an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application ptnr_20131120.exe by Adpeak has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3emsmln8xfj03.cloudfront.net.
Publisher:
Adpeak, Inc.  (signed and verified)

MD5:
6a87705d5c24b8d5da0d1eb312b444b5

SHA-1:
9132c2516ec82e706143020a1185fda19e8027f1

SHA-256:
2bc61e842276f97b2ba260116ef8aa757ee280901247d1acb8f686e267fe7b4e

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:
12/24/2024 12:32:49 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
MalSign.Adpeak
2014.0.3611

Bkav FE
W32.Clod147.Trojan
1.3.0.4613

Boost by Reason
Trojan.Adw.Adpeak.N
13.11.23.0

Dr.Web
Adware.Downware.1720
9.0.1.0363

ESET NOD32
Win32/AdWare.Adpeak (variant)
7.9190

herdProtect (fuzzy)
2013.12.20.18

K7 AntiVirus
Unwanted-Program
13.174.10656

Malwarebytes
PUP.Optional.Adpeak
v2013.12.12.07

McAfee
Artemis!6A87705D5C24
5600.7267

Reason Heuristics
PUP.Adpeak.N
14.8.7.17

Sophos
AdPeak
4.96

Trend Micro House Call
TROJ_GEN.F47V1121
7.2.354

VIPRE Antivirus
Adware.Adpeak
24866

File size:
541 KB (553,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\ptnr_20131120.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/17/2013 5:00:00 PM

Valid to:
9/24/2014 5:00:00 AM

Subject:
CN="Adpeak, Inc.", O="Adpeak, Inc.", L=Sarasota, S=Florida, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E4C86026B3F1F3BDBEDF4DA58E8FF09

File PE Metadata
Compilation timestamp:
7/14/2013 1:09:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:OiMO5C0cKDpdh4RphM6H/jpiQa/dFWmTzjFuV+u2nETUo89vHRnR+/w:KO5ncKDqR06Gl9TzjFEMvZR+/w

Entry address:
0x31DD

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, 4F, 43, 00, E8, 95, 2E, 00, 00, A3, A4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 3E, 43, 00, E8, 00, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, EE, 2A, 00, 00...
 
[+]

Entropy:
7.9724

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file ptnr_20131120.exe has been seen being distributed by the following URL.

Remove ptnr_20131120.exe - Powered by Reason Core Security