repair_ntfs_file_system.exe

Pibeha

LAM Proactive And Investments Ltd

The application repair_ntfs_file_system.exe, “Pibeha Setup ” by LAM Proactive And Investments has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.fungiftsafe.com.
Publisher:
Kat   (signed by LAM Proactive And Investments Ltd)

Product:
Pibeha

Description:
Pibeha Setup

MD5:
ad805cb98b25c3a3111982de651b7ee3

SHA-1:
07108a30a3520e19523b7fb8e4c8ad4053f6587b

SHA-256:
fad07748c2ce7ddc33e64742abdd0bc9d997aae2c3d9aead564eb8279672c9c5

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/24/2024 12:13:56 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InstallCore (M)
17.3.16.3

File size:
1.1 MB (1,200,912 bytes)

Product version:
1.4.0

Copyright:
Internet Web File

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\repair_ntfs_file_system.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/27/2016 1:32:19 PM

Valid to:
9/28/2017 1:32:19 PM

Subject:
CN=LAM Proactive And Investments Ltd, O=LAM Proactive And Investments Ltd, L=Herzliya, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
48A70B6CBCEF24E4DCCED5ED

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9725

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file repair_ntfs_file_system.exe has been seen being distributed by the following URL.

http://www.fungiftsafe.com/NAQ_XVwXd3MJlO7tUDAR5v_gY7sy92hVyzaPQdv Y83mnMmv2YYjGnWe aATvCjZFWRBpFWbOFSxFPsAUEMbnzXJnHUazjS7S5xicqKyK NIRLlBVwb Odp58spqwN72hkVl3GLhT7DX CldrMzkKirc o8NDum_8x6YYLkT1t6sm7zCZlYPZa_CXwkKpDyA8EqjoNbjiSQIEs83MQs8m8bowsJ7fb0pPjaTr0_oEggfb2Ny7Tbqb_U_3Cg2w3cG3CkuHC9Rd4TPVRmAxIGxEfjB6sUdP4Vb52HJps DsaV8eIJ4tVA5hHi6A5nsg_ gxkwqwTQPljwUjCeAVVFDgOIGRJwj9RHjH92MG9YadX8mxdfRDz4E6KGfRITO2pgdRGBvIMNRd9jtMCcoC2ILY1octSui1hj1Vbx1aTAn132 l_0J23tGkb0hFYrYtaOULLyllBwm4J5qqUhOXuRs5x4tpaY12hgALByNkgypTeZ0V0AUR0SGYX2wFVqYy0tblkYs5GB8K4AZgOTYTDUZeEzPwe8xhSD0x7VKHi5KSeTKifAFtKU=-G6IAAGRpXUu7KD1cOgCdnECA BcVUB5IIM1TCjC3sSt0K8hAeo70GlNorTy 4S3dDV62FK4fPGP8k49dTygspCkUDqwOyTizD0ni_9vL9_yftg_np0aA3yD_PeQUpZBzPsa6sdmERAA=

Remove repair_ntfs_file_system.exe - Powered by Reason Core Security