» 294823_.exe
Overview
Analysis
File Details

294823_.exe

Gal SIMON

The application 294823_.exe by Gal SIMON has been detected as adware by 27 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

294823_.exe

Publisher:

Gal SIMON (signed and verified)

MD5:

e14934181deafc92cdc67a285405ff7a

SHA-1:

8d1bfbc3fa5a2169f8a4e50dc9b6ded0ec841c00

SHA-256:

dd3ae04252de4a1afe9a91eddc79fae6494e4384ca9bc7e151740d26abdfd721

Scanner detections:

27 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/23/2024 3:47:52 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.101

922

Agnitum Outpost

PUA.MultiPlug

7.1.1

AhnLab V3 Security

PUP/Win32.Multiplug

2014.07.29

Avira AntiVirus

TR/Graftor.141601.A

7.11.164.60

avast!

Win32:Adware-gen [Adw]

140617-1

AVG

Adware Generic_r.JY

2014.0.3986

Bitdefender

Gen:Variant.Adware.Dropper.101

1.0.20.1045

Clam AntiVirus

Win.Adware.Agent-6585

0.98/19185

Comodo Security

Application.Win32.Multiplug.GETF

18997

Dr.Web

Trojan.Crossrider.16836

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.101

8.14.07.28.09

ESET NOD32

Win32/AdWare.MultiPlug.R application

7.0.302.0

F-Prot

W32/MultiPlug.C.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Dropper.101

11.2014-28-07_2

G Data

Gen:Variant.Adware.Dropper.101

14.7.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.181.12846

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Agent

14.0.0.3493

Malwarebytes

PUP.Optional.MultiPlug.A

v2014.07.28.09

McAfee

PUP-FID

5600.7056

MicroWorld eScan

Gen:Variant.Adware.Dropper.101

15.0.0.627

NANO AntiVirus

Riskware.Win32.Agent.cxniob

0.28.2.60990

Panda Antivirus

Trj/Genetic.gen

14.07.28.09

Reason Heuristics

PUP.GalSIMON.H

14.7.28.9

Rising Antivirus

PE:Malware.MultiPlug!6.13CF

23.00.65.14726

Sophos

MultiPlug

4.98

VIPRE Antivirus

Threat.4150696

31208

File size:

1.9 MB (1,940,504 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\294823_.exe

Digital Signature

Signed by:

Gal SIMON

Authority:

Unizeto Technologies S.A.

Valid from:

1/20/2014 8:45:57 AM

Valid to:

1/20/2015 8:45:57 AM

Subject:

E=freefilezip@hotmail.com, CN="Open Source Developer, Gal SIMON", O=Gal SIMON, C=IL

Issuer:

CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

56A0921E33E959604786E4ECF4196D54

File PE Metadata

Compilation timestamp:

4/29/2014 5:02:35 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:KZkSHk1yLZB6Nr43QQcy/RxOjr9HUji8em4GM:yHnZUriAy/R80ji8et

Entry address:

0x10AFB

Entry point:

E8, 3E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, 21, 42, 00, E8, 1F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 90, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

103 KB (105,472 bytes)

Remove 294823_.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.