sim_mp_pgr.exe

SweetIM by SweetPacks

SweetIM Technologies Ltd

This installer bundles a number of adware programs including the SweetIM Toolbar, PriceGong and other adware utilities with setup of the downloaded software. The application sim_mp_pgr.exe, “SweetIM Installer by SweetPacks” by SweetIM Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SweetPacks Installer installer. The file has been seen being downloaded from download.perion.com.
Publisher:
SweetIM Technologies Ltd.  (signed by SweetIM Technologies Ltd)

Product:
SweetIM by SweetPacks

Description:
SweetIM Installer by SweetPacks

Version:
4, 1, 0, 1

MD5:
31bcf7df0ffe464e6ff57f07e7b6f440

SHA-1:
641114f68658e376540da592ffc94417227df925

SHA-256:
5281e92664e426ace816033c5e103e1fa3183a2f8282f436cf28f5855d479dc1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:29:32 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Perion (M)
16.8.1.1

File size:
749.7 KB (767,720 bytes)

Product version:
4, 1, 0, 1

Copyright:
Copyright © 2011 SweetIM Technologies Ltd.

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SweetPacks Installer

Common path:
C:\users\{user}\downloads\sim_mp_pgr.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/10/2011 2:00:00 AM

Valid to:
2/5/2014 1:59:59 AM

Subject:
CN=SweetIM Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SweetIM Technologies Ltd, L=Ra'anana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E3BF2B52DA9EA7F1B539A7F018F4EC6

File PE Metadata
Compilation timestamp:
8/15/2013 4:54:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Q8TAD0I4A0ybsVtNbYONLHuz5qD/mZZWuK05CqEAWqsPWm/Yfz2yi/Vnc/48o9W+:ld60bY4Huz4Uv5MAAP/1ldncYj

Entry address:
0x210AE0

Entry point:
60, BE, 00, 50, 56, 00, 8D, BE, 00, C0, E9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 4F, E7, 20, 00, 57, 83, C3, 04, 53, 68, D3, BA, 0A, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Entropy:
7.9253  (probably packed)

Code size:
692 KB (708,608 bytes)

The file sim_mp_pgr.exe has been seen being distributed by the following URL.

Remove sim_mp_pgr.exe - Powered by Reason Core Security