» 294823_.exe
Overview
Analysis
File Details

294823_.exe

by for one

Daniel Palad

The application 294823_.exe by Daniel Palad has been detected as adware by 31 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

294823_.exe

Publisher:

removing structures large (signed by Daniel Palad)

Product:

by for one

Version:

8.4.0.0

MD5:

1dbc69fd9163aafaeee1b595761fe7fd

SHA-1:

086b916638c210d168d21cf9a5566661785c9210

SHA-256:

fc01786491dedc2e597de62f49c5d016027e4f7d1529795a6b8eb298368463d9

Scanner detections:

31 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/19/2024 6:38:25 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.101

864

Agnitum Outpost

PUA.MultiPlug

7.1.1

AhnLab V3 Security

Trojan/Win32.Agent

14.09.23

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.145.66

avast!

Win32:MultiPlug-BB [PUP]

140908-2

AVG

Adware Generic_r.JY

2014.0.4015

Bitdefender

Gen:Variant.Adware.Dropper.101

1.0.20.1330

Bkav FE

W32.MultiPlugAR.Adware

1.3.0.4959

Clam AntiVirus

Win.Adware.Agent-6580

0.98/19419

Comodo Security

Application.Win32.Multiplug.R

18165

Dr.Web

Trojan.Crossrider.17520

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.103

14.09.23

ESET NOD32

Win32/AdWare.MultiPlug.R application

7.0.302.0

F-Prot

W32/A-dacaee66

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Dropper.101

11.2014-23-09_3

G Data

Gen:Variant.Adware.Dropper.101

14.9.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.176.11873

Kaspersky

not-a-virus:AdWare.Win32.MultiPlug

14.0.0.3207

Malwarebytes

PUP.Optional.MultiPlug.A

v2014.09.23.12

McAfee

PUP-FID!08554BF4C7CB

5600.6998

MicroWorld eScan

Gen:Variant.Adware.Dropper.101

15.0.0.798

NANO AntiVirus

Trojan.Win32.Crossrider.cuwgpc

0.28.0.59492

Panda Antivirus

Trj/Genetic.gen

14.09.23.12

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.DanielPalad.H

14.9.23.12

Rising Antivirus

PE:Malware.MultiPlug!6.13CF

23.00.65.14921

Sophos

MultiPlug

4.98

Vba32 AntiVirus

AdWare.MultiPlug

3.12.26.0

VIPRE Antivirus

Trojan.Win32.Generic

28594

Zillya! Antivirus

Trojan.Black.Win32.16754

2.0.0.1856

File size:

1.9 MB (1,944,928 bytes)

Product version:

8.4.0.0

Original file name:

are

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\294823_.exe

Digital Signature

Signed by:

Daniel Palad

Authority:

Unizeto Technologies S.A.

Valid from:

1/8/2014 10:22:34 AM

Valid to:

1/8/2015 10:22:34 AM

Subject:

E=daniel.palad@hotmail.com, CN="Open Source Developer, Daniel Palad", O=Daniel Palad, C=IL

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

40E879F8942E9B666656C235479922A6

File PE Metadata

Compilation timestamp:

5/19/2014 11:07:15 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:+Zti6QPMD4BnUIdYBYurLnvMON2SZU0efRQQL:5JM0BiYukGyL

Entry address:

0x10B8B

Entry point:

E8, 4E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, 21, 42, 00, E8, 2F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, E1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A0, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

103.5 KB (105,984 bytes)

Remove 294823_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.