00000000

Sergey Petrov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The file 00000000 by Sergey Petrov has been detected as adware by 35 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
Sergey Petrov  (signed and verified)

MD5:
7baf6fb0de26d4c4ada51456cc4c26e5

SHA-1:
ca6ebea49cb715eec3f5e92c6304c8d99e474353

SHA-256:
30799d3310e2b2eaf9e792d8333b52b70204f38280df64460dec4f951bdb7187

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/19/2024 7:02:08 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11417981 | 865 |
| Agnitum Outpost | Trojan.DL.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 14.09.22 |
| Avira AntiVirus | TR/Dldr.Agent.324784 | 7.11.145.160 |
| avast! | Win32:InstalleRex-BI [PUP] | 2014.9-140922 |
| AVG | Generic_r | 2015.0.3343 |
| Bitdefender | Trojan.Generic.11417981 | 1.0.20.1325 |
| Bkav FE | HW32.Laneul | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Agent-724019 | 0.98/19414 |
| Comodo Security | Application.Win32.InstalleRex.AKF | 18180 |
| Dr.Web | Trojan.Siggen4.41297 | 9.0.1.0265 |
| Emsisoft Anti-Malware | Trojan.Generic.11417981 | 14.09.22 |
| ESET NOD32 | Win32/TrojanDownloader.Agent.AKF (variant) | 8.9731 |
| Fortinet FortiGate | W32/Agent.AKF!tr | 9/22/2014 |
| F-Prot | W32/InstallRex.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11417981 | 11.2014-22-09_2 |
| G Data | Win32.Application.EZDownloader | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.4.15 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11907 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.3212 |
| Malwarebytes | PUP.Optional.Installrex | v2014.09.22.01 |
| McAfee | Downloader-FAAV!E08C0813DD2D | 5600.6999 |
| MicroWorld eScan | Trojan.Generic.11417981 | 15.0.0.795 |
| NANO AntiVirus | Trojan.Win32.Siggen4.cvpheq | 0.28.0.59492 |
| nProtect | Trojan.Generic.11417981 | 14.09.22.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.04.10 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Agent.A5 | 9.14.14.00 |
| Reason Heuristics | PUP.SergeyPetrov.I | 14.9.22.10 |
| Sophos | InstallRex | 4.98 |
| Total Defense | Win32/Tnega.KVDIJa | 37.0.10904 |
| Vba32 AntiVirus | TrojanDownloader.Agent | 3.12.26.0 |
| VIPRE Antivirus | Installerex/WebPick | 28650 |
| Zillya! Antivirus | Downloader.Agent.Win32.185400 | 2.0.0.1929 |

File size:
315.2 KB (322,784 bytes)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\file system\004\t\00\00000000

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/20/2013 8:00:00 PM

Valid to:
8/21/2014 7:59:59 PM

Subject:
CN=Sergey Petrov, O=Sergey Petrov, STREET=Gaydara 13, L=Kyev, S=Kyev, PostalCode=01033, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0AD084E865D27CD546D21DB6EDF89D48

File PE Metadata
Compilation timestamp:
3/3/2014 4:58:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:K40W7UXPpy1t5WfTAr9mbwJXOctWN5oZXuC+liAxprQZ9:H0W7UXPp4t5O+9mbw/uC+YAxFQZ9

Entry address:
0x1AC11

Entry point:
E8, 27, 80, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 9C, D5, 43, 00, 75, 02, F3, C3, E9, D2, 81, 00, 00, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, FC, 27, 43, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F4, 10, 43, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F...

Entropy:
5.9162

Code size:
188.5 KB (193,024 bytes)
