00000000

data vendors manipulates

Anton Lemes

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The file 00000000 by Anton Lemes has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
the  (signed by Anton Lemes)

Product:
data vendors manipulates

Version:
6.9.0.0

MD5:
d560cc44217336a48fc6ac8f715afffa

SHA-1:
6cfb5635eba36e319db1df7b9865993953882945

SHA-256:
5e59de35d446d093c447b4d4f785dc0bda405c0959ac779c515c269a00804dc0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 11:40:00 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick.AntonLemes (M)

Engine version:
16.2.9.22

File size:
731.9 KB (749,488 bytes)

Product version:
6.9.0.0

Copyright:
Copyright (c) 2014

Original file name:
networking DBMS used refers

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\001\t\00\00000000

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/20/2013 5:30:00 AM

Valid to:
9/21/2014 5:29:59 AM

Subject:
CN=Anton Lemes, O=Anton Lemes, STREET=Observatornaya 33, L=Kiev, S=Kiev, PostalCode=04053, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7EE7F083BC628C9514088005E13BBEFB

File PE Metadata
Compilation timestamp:
5/13/2014 11:35:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ASS3bJ2o9SnZJ+SmNz6oRXqBDlreWzVrwssycDZG4nUeSxceIIC+W8r/1VvXxfq:ASS3bN8ZJnmk4Xqvr1zVrwDyePwxnlCt

Entry address:
0x10BBB

Entry point:
E8, 4E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 21, 42, 00, E8, 2F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, E1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A0, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Entropy:
7.8046  (probably packed)

Code size:
103.5 KB (105,984 bytes)
