pureleadssetup.exe

Sendori, LLC

pureleadssetup.exe is the installer for PureLeads, a component of the Sendori web browser toolbar and extension that changes the browser's default search provider, DNS settings, and home page. This Sendori application has been detected as adware by 2 of 68 anti-malware scanners. It is a setup program built with the Nullsoft Scriptable Install System (NSIS). It is typically executed from an Internet Explorer cache folder, which is consistent with the user running it straight from a browser download prompt rather than from a saved download. The file has been seen being downloaded from cdn.download2desktop.com.
Publisher:
PureLeads (signed by Sendori, LLC)

Product:
PureLeads

Version:
2.0.17.0

MD5:
959ecf83e1f40d4d5b5d7286821bb184

SHA-1:
a55d6cb288501965914f54a3654b69aa8430dfb9

SHA-256:
5f94d836e41bf7e85b757842bcbc4e0b0342325f8a488b21b71766fd62487b56

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/2/2024 3:36:43 PM UTC

Scan engine:
Reason Heuristics
Detection:
Adware.Sendori.PureLeads (M)
Engine version:
16.3.17.14

Scan engine:
Vba32 AntiVirus
Detection:
suspected of Trojan.Downloader.gen.h
Engine version:
3.12.24.3

File size:
5.1 MB (5,352,952 bytes)

Copyright:
© PureLeads All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pureleadssetup.exe
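The "Common path" above is itself a usable detection: a legitimate install is rarely launched out of the Internet Explorer cache, so a process-creation event whose image sits under Content.IE5 is worth surfacing regardless of the file name. The following is an added example, not code from Sendori or from this listing; it runs over a few constructed Sysmon-style event records and flags executables started from that cache location. The random per-profile subfolder is matched as a single path component; case-insensitive matching on the tail of the path (so drive letter and user name do not matter) is an assumption of this example.

```python
import json
import re

# The Internet Explorer cache path from the listing: the folder after Content.IE5
# is random per profile, so it is matched as one arbitrary path component.
# Assumption (not on the page): case-insensitive, anchored on the tail of the path.
IE_CACHE_EXE = re.compile(
    r"\\appdata\\local\\microsoft\\windows\\temporary internet files"
    r"\\content\.ie5\\[^\\]+\\[^\\]+\.exe$",
    re.IGNORECASE,
)


def is_ie_cache_execution(image_path: str) -> bool:
    """True when an executable is run directly out of the IE cache folder."""
    return IE_CACHE_EXE.search(image_path) is not None


def flag_events(lines):
    """Return (image, parent) pairs for Sysmon EventID 1 records whose image
    path is inside the IE cache; other event types are ignored."""
    hits = []
    for line in lines:
        event = json.loads(line)
        if event.get("EventID") != 1:
            continue
        image = event.get("Image", "")
        if is_ie_cache_execution(image):
            hits.append((image, event.get("ParentImage", "")))
    return hits


# Constructed sample telemetry for this example (not real logs); the first and
# third records are the pattern the listing describes, the others are benign.
SAMPLE_EVENTS = [
    json.dumps(e)
    for e in [
        {
            "EventID": 1,
            "Image": r"C:\Users\alice\AppData\Local\Microsoft\Windows"
                     r"\Temporary Internet Files\Content.IE5\K3J9Q1ZP\pureleadssetup.exe",
            "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
        },
        {
            "EventID": 1,
            "Image": r"C:\Windows\System32\notepad.exe",
            "ParentImage": r"C:\Windows\explorer.exe",
        },
        {
            "EventID": 1,
            "Image": r"C:\Users\alice\AppData\Local\Microsoft\Windows"
                     r"\Temporary Internet Files\Content.IE5\K3J9Q1ZP\setup[1].exe",
            "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
        },
        {
            "EventID": 1,
            "Image": r"C:\Users\alice\Downloads\pureleadssetup.exe",
            "ParentImage": r"C:\Windows\explorer.exe",
        },
        {
            # Network event, not process creation: skipped even though the path matches.
            "EventID": 3,
            "Image": r"C:\Users\alice\AppData\Local\Microsoft\Windows"
                     r"\Temporary Internet Files\Content.IE5\K3J9Q1ZP\pureleadssetup.exe",
        },
    ]
]


if __name__ == "__main__":
    for image, parent in flag_events(SAMPLE_EVENTS):
        print(f"IE cache execution: {image} (parent: {parent})")
```

The rule deliberately keys on the location rather than the file name, because the same cache folder is where any other browser-delivered installer would land; the name pureleadssetup.exe and the hashes on this page then narrow a hit to this specific sample.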

Digital Signature
Signed by:
Sendori, LLC
Authority:
VeriSign, Inc.

Valid from:
12/9/2013 5:00:00 PM

Valid to:
12/10/2014 4:59:59 PM

Subject:
CN="Sendori, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sendori, LLC", L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
310642A25A6D9FB4A7E88E32D87A345F

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM (this is the timestamp of the precompiled NSIS stub, not of the installer build; it predates the 2013 signing certificate and does not date the sample)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:b6Zs6B39eC8ksYc911in4O6EdKzP6ytVXSzA+7bSx4NA2Hcs6JccLYUw85y6:bjU399SYkQ6EEKSxM8R5UUw96

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9966 (very high; for an NSIS installer this is expected, because the compressed payload appended to the stub dominates the file, so it indicates compression rather than necessarily a separate packer)

Code size:
23.5 KB (24,064 bytes)
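To turn the hashes, file size and entropy figures above into a repeatable check, here is an added example (not code from Sendori or from this listing) that computes the same three digests, measures Shannon entropy in bits per byte, and looks for the "NullsoftInst" tag NSIS writes into the header that precedes its compressed payload, so that a high entropy reading can be attributed to NSIS compression instead of being reported as packing. The 7.0 bits/byte threshold and the constructed sample blob are assumptions of this example; the indicator values are copied from the listing.

```python
import hashlib
import math
from collections import Counter

# Indicators copied from the listing above for pureleadssetup.exe.
KNOWN_PURELEADS = {
    "md5": "959ecf83e1f40d4d5b5d7286821bb184",
    "sha1": "a55d6cb288501965914f54a3654b69aa8430dfb9",
    "sha256": "5f94d836e41bf7e85b757842bcbc4e0b0342325f8a488b21b71766fd62487b56",
    "size": 5352952,
}

# ASCII tag NSIS stores in the "firstheader" record before its compressed data.
# Its presence says "NSIS installer", not "malicious".
NSIS_MAGIC = b"NullsoftInst"

# Assumed threshold for this example: compressed or encrypted data sits close to
# 8 bits/byte, while ordinary PE code and data usually fall well below 7.
HIGH_ENTROPY = 7.0


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and size, in the same shape as the listing."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or constant input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes, known: dict = KNOWN_PURELEADS) -> dict:
    """Compare a sample with the listed indicators and qualify its entropy."""
    h = file_hashes(data)
    ent = shannon_entropy(data)
    is_nsis = NSIS_MAGIC in data
    return {
        "hash_match": all(h[k] == known[k] for k in ("md5", "sha1", "sha256")),
        "size_match": h["size"] == known["size"],
        "entropy": round(ent, 4),
        "high_entropy": ent >= HIGH_ENTROPY,
        "nsis": is_nsis,
        # High entropy in an NSIS installer is the compressed payload, so only
        # raise a "packed" suspicion when no NSIS marker accounts for it.
        "packed_suspect": ent >= HIGH_ENTROPY and not is_nsis,
    }


def constructed_sample() -> bytes:
    """Constructed stand-in for an NSIS installer (not a real file): a DOS header
    prefix, the NSIS tag, then a deterministic byte permutation that has the same
    near-8-bit entropy as compressed data."""
    payload = bytes((i * 131 + 7) % 256 for i in range(4096))
    return b"MZ" + b"\x00" * 126 + NSIS_MAGIC + payload


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for key, value in triage(data).items():
        print(f"{key:15} {value}")
```

Run it with a path to get the real verdict for a file; without arguments it triages the constructed blob, which reports high entropy, an NSIS marker, no hash match and therefore no packing suspicion. A hash match is only meaningful for this exact build (2.0.17.0); the NSIS and entropy checks still apply to a re-signed or repacked variant.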

The file pureleadssetup.exe has been seen being distributed from cdn.download2desktop.com.

Remove pureleadssetup.exe - Powered by Reason Core Security