home

294823_.exe

according of most

Eran Vaterfeld

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 294823_.exe by Eran Vaterfeld has been detected as adware by 29 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme. It is also typically executed from the user's temporary directory.
Publisher:
discuss debugging inputting support  (signed by Eran Vaterfeld)

Product:
according of most

Version:
5.5.0.0

MD5:
d24594bd202e42f0bd39c28210d72861

SHA-1:
b257cc58c7b9ef92ec59f245d9b79eee148d003a

SHA-256:
5ece4eab542e6c74d064897eb8dc9e97d72ecd414e28642f205129328bdfc938

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/19/2024 4:05:48 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Dropper.103
836

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
Adware/Win32.Agent
2014.10.22

Avira AntiVirus
Adware/Dropr.GE
7.11.180.138

avast!
Win32:InstalleRex-Z [PUP]
141003-0

AVG
Adware Generic_r.RZ
2014.0.4040

Bitdefender
Gen:Variant.Adware.Dropper.103
1.0.20.1475

Clam AntiVirus
Win.Adware.Agent-7567
0.98/21411

Comodo Security
Application.Win32.MegaSearch.ATK
19871

Dr.Web
Trojan.WebPick.2692
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Dropper.103
14.10.22

ESET NOD32
Win32/AdWare.MultiPlug.AG application
7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.445
10/22/2014

F-Prot
W32/A-a1edae3f
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Dropper.103
11.2014-22-10_4

G Data
Gen:Variant.Adware.Dropper.103
14.10.24

K7 AntiVirus
Unwanted-Program
13.184.13741

Kaspersky
not-a-virus:HEUR:WebToolbar.Win32.Cossder
14.0.0.3063

Malwarebytes
PUP.Optional.Multiplug
v2014.10.22.07

McAfee
PUP-FLT
5600.6970

MicroWorld eScan
Gen:Variant.Adware.Dropper.103
15.0.0.885

NANO AntiVirus
Trojan.Win32.WebPick.dbxyjh
0.28.2.62841

nProtect
Trojan-Clicker/W32.Agent.2284456
14.10.21.01

Quick Heal
Adware.VBS.Megasearch.Gen
10.14.14.00

Reason Heuristics
PUP.EranVaterfeld.H
14.10.22.7

Sophos
MultiPlug
4.98

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4786450
33706

Zillya! Antivirus
Trojan.Black.Win32.16793
2.0.0.1962

File size:
2.2 MB (2,284,456 bytes)

Product version:
5.5.0.0

Copyright:
Copyright (c) 2014

Original file name:
storage of most

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\294823_.exe

Digital Signature
Signed by:
Eran Vaterfeld

Authority:
COMODO CA Limited

Valid from:
7/10/2013 3:00:00 AM

Valid to:
7/11/2014 2:59:59 AM

Subject:
CN=Eran Vaterfeld, O=Eran Vaterfeld, STREET=Shtruk 15, L=Tel Aviv, S=Tel Aviv, PostalCode=64042, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CF0201F072612C73F4F11FE23420B802

File PE Metadata
Compilation timestamp:
6/30/2014 8:50:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:8SPaUgBnD/4tUqaX0rj/TYDk2GTclt1dK6w9u803tIbjq/w+Fvg:MnEtUqge/TekzGdC50d5vg

Entry address:
0x192DB

Entry point:
E8, 87, 7C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, EE, 42, 00, E8, 6F, 0D, 00, 00, E8, A2, 03, 00, 00, 0F, B7, F0, 6A, 02, E8, 1A, 7C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 53, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.9242  (probably packed)

Code size:
142.5 KB (145,920 bytes)

Remove 294823_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.