» 294823_.exe
Overview
Analysis
File Details

294823_.exe

by for one

Andrey Globin

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 294823_.exe by Andrey Globin has been detected as adware by 31 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

294823_.exe

Publisher:

removing structures large (signed by Andrey Globin)

Product:

by for one

Version:

8.4.0.0

MD5:

0541e261f6188a76cfa3fbc8f68181a1

SHA-1:

75ec9c3b719e37e551cccfab08d4b8457fc58e06

SHA-256:

499ace0d52b087d440f2b58d7225f69291380cd9a17f2849dfa3e4a1c68a7f18

Scanner detections:

31 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/20/2024 4:36:59 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.101

364

Agnitum Outpost

PUA.MultiPlug

7.1.1

AhnLab V3 Security

Trojan/Win32.Agent

16.02.06

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.145.66

avast!

Win32:MultiPlug-AI [PUP]

2014.9-160206

AVG

Generic_r

2017.0.2842

Bitdefender

Gen:Variant.Adware.Dropper.101

1.0.20.185

Bkav FE

W32.MultiPlugAR.Adware

1.3.0.4959

Clam AntiVirus

Win.Adware.Agent-6580

0.98/21411

Comodo Security

Application.Win32.Multiplug.R

18165

Dr.Web

Trojan.Crossrider.4243

9.0.1.037

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.101

8.16.02.06.08

ESET NOD32

Win32/AdWare.MultiPlug (variant)

10.9720

F-Prot

W32/A-f028759e

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Dropper.101

11.2016-06-02_7

G Data

Gen:Variant.Adware.Dropper.101

16.2.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.176.11873

Kaspersky

not-a-virus:AdWare.Win32.MultiPlug

14.0.0.703

Malwarebytes

PUP.Optional.MultiPlug.A

v2016.02.06.08

McAfee

PUP-FID!08554BF4C7CB

5600.6498

MicroWorld eScan

Gen:Variant.Adware.Dropper.101

17.0.0.111

NANO AntiVirus

Trojan.Win32.Crossrider.cuwgpc

0.28.0.59492

Panda Antivirus

Trj/Genetic.gen

16.02.06.08

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.WebPick.AndreyGlobin (M)

16.2.6.8

Rising Antivirus

PE:Malware.MultiPlug!6.13CF

23.00.65.16204

Sophos

MultiPlug

4.98

Vba32 AntiVirus

AdWare.MultiPlug

3.12.26.0

VIPRE Antivirus

Trojan.Win32.Generic

28594

Zillya! Antivirus

Trojan.Black.Win32.16754

2.0.0.1926

File size:

1.9 MB (1,955,192 bytes)

Product version:

8.4.0.0

Original file name:

are

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\294823_.exe

Digital Signature

Signed by:

Andrey Globin

Authority:

COMODO CA Limited

Valid from:

9/18/2013 2:00:00 AM

Valid to:

9/19/2014 1:59:59 AM

Subject:

CN=Andrey Globin, O=Andrey Globin, STREET=Gagarina 4, L=Kiev, S=Kiev, PostalCode=02094, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6534084D6A4B724011508EF1B5AD13D6

File PE Metadata

Compilation timestamp:

5/19/2014 10:07:15 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:2QrhZ5ElChR10vzh7SPpSHOYixtQ7/jGEZZ0uujBL7Ki6M4KJK5Mpxp40q/UqOfD:rZwUPpIEW/GEv0rBL/6M2ipXehy0Rz8J

Entry address:

0x10B8B

Entry point:

E8, 4E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F8, 21, 42, 00, E8, 2F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, E1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A0, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

103.5 KB (105,984 bytes)

Remove 294823_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.