ptsfxxxxxxex090000.exe

TekTerm Screen Formatter

Zebra Technologies

The application ptsfxxxxxxex090000.exe, “TekTerm Screen Formatter Setup” by Zebra Technologies, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.zebra.com.
Publisher:
Symbol Technologies Inc.   (signed by Zebra Technologies)

Product:
TekTerm Screen Formatter

Description:
TekTerm Screen Formatter Setup

Version:
9.0.43241.0

MD5:
a302957f5e5b506a726eb1a0699799b1

SHA-1:
cf2cfcf831337b2ecccf856bab597041be33cfd5

SHA-256:
57b1cf3da34bd43685c26bb1bdfcdaac4a89819a199abeb58cae43f59904d650

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/15/2024 8:01:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.CSH (L)

Engine version:
16.12.9.18

File size:
468.5 KB (479,744 bytes)

Product version:
9.0.43241.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/14/2014 5:00:00 PM

Valid to:
12/14/2016 4:59:59 PM

Subject:
CN=Zebra Technologies, OU=Enterprise, O=Zebra Technologies, L=Holtsville, S=New York, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
73B68F789353BEA69B34734D305A2580

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9338

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file ptsfxxxxxxex090000.exe has been seen being distributed from the following URL:

https://www.zebra.com/content/dam/zebra_new_ia/en-us/software/developer-tools/.../PTSFXXXXXXEX090000.exe
