repair_ntfs_file_system.exe

Pibeha

LAM Proactive And Investments Ltd

The application repair_ntfs_file_system.exe, “Pibeha Setup” by LAM Proactive And Investments, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.fungiftsafe.com.

Publisher:
Kat (signed by LAM Proactive And Investments Ltd)

Product:
Pibeha

Description:
Pibeha Setup

MD5:
ad805cb98b25c3a3111982de651b7ee3

SHA-1:
07108a30a3520e19523b7fb8e4c8ad4053f6587b

SHA-256:
fad07748c2ce7ddc33e64742abdd0bc9d997aae2c3d9aead564eb8279672c9c5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/23/2024 2:41:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.16.3

File size:
1.1 MB (1,200,912 bytes)

Product version:
1.4.0

Copyright:
Internet Web File

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\repair_ntfs_file_system.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/27/2016 1:32:19 PM

Valid to:
9/28/2017 1:32:19 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
48A70B6CBCEF24E4DCCED5ED

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9725

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file repair_ntfs_file_system.exe has been seen being distributed by the following URL.

http://www.fungiftsafe.com/NAQ_XVwXd3MJlO7tUDAR5v_gY7sy92hVyzaPQdv Y83mnMmv2YYjGnWe aATvCjZFWRBpFWbOFSxFPsAUEMbnzXJnHUazjS7S5xicqKyK NIRLlBVwb Odp58spqwN72hkVl3GLhT7DX CldrMzkKirc o8NDum_8x6YYLkT1t6sm7zCZlYPZa_CXwkKpDyA8EqjoNbjiSQIEs83MQs8m8bowsJ7fb0pPjaTr0_oEggfb2Ny7Tbqb_U_3Cg2w3cG3CkuHC9Rd4TPVRmAxIGxEfjB6sUdP4Vb52HJps DsaV8eIJ4tVA5hHi6A5nsg_ gxkwqwTQPljwUjCeAVVFDgOIGRJwj9RHjH92MG9YadX8mxdfRDz4E6KGfRITO2pgdRGBvIMNRd9jtMCcoC2ILY1octSui1hj1Vbx1aTAn132 l_0J23tGkb0hFYrYtaOULLyllBwm4J5qqUhOXuRs5x4tpaY12hgALByNkgypTeZ0V0AUR0SGYX2wFVqYy0tblkYs5GB8K4AZgOTYTDUZeEzPwe8xhSD0x7VKHi5KSeTKifAFtKU=-G6IAAGRpXUu7KD1cOgCdnECA BcVUB5IIM1TCjC3sSt0K8hAeo70GlNorTy 4S3dDV62FK4fPGP8k49dTygspCkUDqwOyTizD0ni_9vL9_yftg_np0aA3yD_PeQUpZBzPsa6sdmERAA=
