294823_.exe

Julian Pankratov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 294823_.exe by Julian Pankratov has been detected as adware by 28 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. It is also typically executed from the user's temporary directory.
Publisher:
Julian Pankratov (signed and verified)

MD5:
ed052c37bc4e5779971c3617d96bd59c

SHA-1:
9bd268a3c43a02222dd91ba1300d72752a60a9c3

SHA-256:
304a1c938e7502635ec8f1352eb2dbe9f25fef98886597a745f4354b45a1e285

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/19/2024 5:18:34 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.NTJ | 927
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | Adware/Win32.BHO | 2014.07.23
Avira AntiVirus | Adware/Biahont.aoua | 7.11.163.102
avast! | Win32:InstalleRex-AL [PUP] | 140617-1
AVG | Adware Generic5.AJPZ | 2014.0.3986
Bitdefender | Adware.Agent.NTJ | 1.0.20.1015
Clam AntiVirus | Win.Adware.Agent-6529 | 0.98/19185
Comodo Security | Application.Win32.MegaSearch.ATH | 18936
Dr.Web | Trojan.Crossrider.14 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.Agent.NTJ | 8.14.07.22.01
ESET NOD32 | Win32/Preloader.C potentially unwanted application | 7.0.302.0
F-Prot | W32/Preloader.B3.gen | v6.4.7.1.166
F-Secure | Adware.Agent.NTJ | 11.2014-22-07_3
G Data | Adware.Agent.NTJ | 14.7.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.181.12806
Malwarebytes | PUP.Optional.InstalleRex | v2014.07.22.01
McAfee | PUP-FEI | 5600.7061
MicroWorld eScan | Adware.Agent.NTJ | 15.0.0.609
NANO AntiVirus | Trojan.Win32.Crossrider.cmkypa | 0.28.2.60990
nProtect | Trojan.GenericKDZ.23772 | 14.07.22.01
Panda Antivirus | Trj/Genetic.gen | 14.07.22.01
Reason Heuristics | PUP.JulianPankratov.H | 14.8.7.23
Rising Antivirus | PE:Malware.Biahont!6.E74 | 23.00.65.14720
Sophos | Preload | 4.98
Vba32 AntiVirus | AdWare.MegaSearch | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 31208

File size:
1.3 MB (1,384,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\294823_.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/14/2013 2:00:00 AM

Valid to:
10/15/2014 1:59:59 AM

Subject:
CN=Julian Pankratov, O=Julian Pankratov, STREET=Gagarіna 11, L=Kiev, S=Kiev, PostalCode=02094, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D14C8CC7422B7B416198EEB359191765

File PE Metadata
Compilation timestamp:
9/29/2013 3:06:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:HUavQvvO1faFC0h/zHqFCES5th+8sC9YDQU59KNt55JZYRTvV7zIOHwFdKrF7e7:HUaYvm2pVHqFCxjw8s3E3fYRTt7zIbuI

Entry address:
0x1189F

Entry point:
E8, ED, 40, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 90, 42, 00, E8, 4B, 2A, 00, 00, E8, BA, 42, 00, 00, 0F, B7, F0, 6A, 02, E8, 80, 40, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 32, 21, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
135 KB (138,240 bytes)
