294823_.exe

data it of maybe

Andrey Globin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software (mostly unwanted adware) and may be installed without consent. The application 294823_.exe by Andrey Globin has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
recovering perhaps  (signed by Andrey Globin)

Product:
data it of maybe

Version:
8.2.0.0

MD5:
0c1ad53440816e48b5e8a373812f7891

SHA-1:
789a0ffc7f77a288e399b850e13959fac81bb4a4

SHA-256:
c85dfa7a404bd2e681f6dbee4a47f3e6bba8c01faf989c819c8130785e6a1b85

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the anti-malware engines in our current pool has detected this file; the single detection listed below comes from our own detection heuristics, on which basis we consider the file unwanted.

Analysis date:
4/25/2024 10:19:38 PM UTC

Scan engine          Detection          Engine version
Reason Heuristics    PUP.WebPick (M)    17.3.13.3

File size:
1.9 MB (1,944,824 bytes)

Product version:
8.2.0.0

Copyright:
Copyright (c) 2014

Original file name:
structures spreadsheet index

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\294823_.exe

Digital Signature
Signed by:
Andrey Globin
Authority:
COMODO CA Limited

Valid from:
9/17/2013 7:00:00 PM

Valid to:
9/18/2014 6:59:59 PM

Subject:
CN=Andrey Globin, O=Andrey Globin, STREET=Gagarina 4, L=Kiev, S=Kiev, PostalCode=02094, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6534084D6A4B724011508EF1B5AD13D6

File PE Metadata
Compilation timestamp:
5/15/2014 10:46:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x108AB

Entry point:
E8, 3E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 21, 42, 00, E8, 1F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 90, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9293  (probably packed)

Code size:
102.5 KB (104,960 bytes)
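As an added example (not part of the original listing and not Reason Core Security's tooling), the following Python script reproduces the checks behind the fields above on a local copy of the sample: file hashes to compare against the listed SHA-256, whole-file Shannon entropy with a "probably packed" threshold, and the COFF/optional-header fields (compile timestamp, OS version, bitness, subsystem, linker version, entry address, code size). The 7.2 entropy threshold and the UTC rendering of the TimeDateStamp are assumptions; build_sample_pe() is a constructed minimal PE32 header that carries the listing's header values so the parser can be exercised offline without the real binary.

```python
"""Triage a suspect Win32 EXE offline: hashes, entropy, and the PE header fields shown above."""
import hashlib
import json
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# SHA-256 copied from the listing above; used only for comparison.
LISTED_SHA256 = "c85dfa7a404bd2e681f6dbee4a47f3e6bba8c01faf989c819c8130785e6a1b85"
# Assumption: whole-file entropy above this (out of 8.0) is treated as a packer signal.
PACKED_THRESHOLD = 7.2
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 as lower-case hex, the form the listing reports."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_metadata(data: bytes) -> dict:
    """Read the COFF and optional-header fields the listing shows (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                    # 20-byte COFF file header
    _machine, _nsections, timestamp, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                        # optional header follows the COFF header
    magic, major_linker, minor_linker, size_of_code = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # Offsets 40..71 of the optional header are identical for PE32 and PE32+, so one read covers both.
    major_os, minor_os = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        # Assumption: the TimeDateStamp is rendered as UTC.
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{major_os}.{minor_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{major_linker}.{minor_linker}",
        "entry_address": f"0x{entry_rva:X}",
        "code_size": size_of_code,
    }


def triage(data: bytes) -> dict:
    """The combined report a responder wants for a file pulled from the user's %TEMP%."""
    report = file_hashes(data)
    report["matches_listing"] = report["sha256"] == LISTED_SHA256
    report["entropy"] = round(shannon_entropy(data), 4)
    report["probably_packed"] = report["entropy"] > PACKED_THRESHOLD
    report.update(parse_pe_metadata(data))
    return report


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header (not the real 294823_.exe) carrying the listing's header values."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=i386, 1 section, TimeDateStamp=2014-05-15 10:46:54 UTC (assumed UTC), optional header 224 bytes
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1400150814, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 11, 0, 104960)   # PE32 magic, linker 11.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x108AB)                   # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                     # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                         # Subsystem = Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: python triage_pe.py C:\Users\<user>\AppData\Local\Temp\294823_.exe
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(json.dumps(triage(sample), indent=2))
```

Run against the real file, matches_listing confirms the copy on disk is the one described here before any further handling; the constructed header reports matches_listing and probably_packed as false, because its bytes are mostly zero and it is not the listed binary. Entropy of 7.9 on a 1.9 MB file, as reported above, sits well past the threshold and is consistent with compressed or encrypted content occupying most of the image.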

Remove 294823_.exe - Powered by Reason Core Security