» 2nd chapter of acts - will you remember me.exe
Overview
Analysis
File Details
Downloads (3)
Network (1)

2nd chapter of acts - will you remember me.exe

Sergey Petrov

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application 2nd chapter of acts - will you remember me.exe, “Installer for AppReady Software” by Sergey Petrov has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.

File name:

Publisher:

AppReady Software (signed by Sergey Petrov)

Product:

AppReady Software

Description:

Installer for AppReady Software

Version:

2014.5.4.1639

MD5:

2fbc9f79923ebf4faba476cedfe602f7

SHA-1:

cbfa502fab15a203151213f9b62dc66d058531dc

SHA-256:

70df7b3d0d55a6fbfbc5ffa2bda339fcaaf7b3a9b8d28e2405bdee44dfb3f7fb

Scanner detections:

26 / 68

Status:

Adware

Explanation:

Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:

4/24/2024 10:18:12 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.AntiFW

7.1.1

AhnLab V3 Security

PUP/Win32.TSULoader

2014.08.27

Avira AntiVirus

Adware/InstallRex.yhad

7.11.169.88

avast!

Win32:InstalleRex-BI [PUP]

140813-1

AVG

Generic

2015.0.3370

Bkav FE

W32.FamVT.AntiFWK.Trojan

1.3.0.4959

Clam AntiVirus

Win.Trojan.Agent-728639

0.98/19312

Comodo Security

Application.Win32.InstalleRex.KG

19322

Dr.Web

Trojan.WebPick.29

9.0.1.05190

ESET NOD32

Win32/InstalleRex.M potentially unwanted application

7.0.302.0

F-Prot

W32/InstallRex.B

4.6.5.141

G Data

Win32.Application.EZDownloader

14.8.24

IKARUS anti.virus

PUA.InstallRex

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.183.13166

Kaspersky

Trojan.Win32.AntiFW

15.0.0.463

Malwarebytes

PUP.Optional.AppReady

v2014.08.26.04

McAfee

PUP-FHQ

5600.7026

NANO AntiVirus

Riskware.Win32.InfoLeak.cvgqot

0.28.2.61861

Panda Antivirus

PUP/TSUploader

14.08.26.04

Qihoo 360 Security

Malware.QVM20.Gen

1.0.0.1015

Quick Heal

Trojan.AntiFW.A5

8.14.14.00

Reason Heuristics

Adware.WebPick.Installer.k

14.8.26.16

Sophos

InstallRex

4.98

Vba32 AntiVirus

Downware.TSU

3.12.26.3

VIPRE Antivirus

Threat.4753027

32210

Zillya! Antivirus

Trojan.AntiFW.Win32.227

2.0.0.1901

File size:

328 KB (335,840 bytes)

Product version:

1.0.0.3

Original file name:

TSULoader.exe

File type:

Executable application (Win32 EXE)

Installer:

WebPick InstalleRex (Tarma)

Common path:

C:\users\{user}\downloads\2nd chapter of acts - will you remember me.exe

Digital Signature

Signed by:

Sergey Petrov

Authority:

COMODO CA Limited

Valid from:

8/20/2013 9:00:00 PM

Valid to:

8/21/2014 8:59:59 PM

Subject:

CN=Sergey Petrov, O=Sergey Petrov, STREET=Gaydara 13, L=Kyev, S=Kyev, PostalCode=01033, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0AD084E865D27CD546D21DB6EDF89D48

File PE Metadata

Compilation timestamp:

3/12/2013 5:51:45 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:RrmbUzkuvcBYC47l2xmhRvqW6/FC5vQyQuPBoKa7rrnTezFq3WhzC:RrvkuveY3TRvqh9AnvBoKa7r7TezSUC

Entry address:

0x14DB

Entry point:

55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

7.5 KB (7,680 bytes)

The file 2nd chapter of acts - will you remember me.exe has been seen being distributed by the following 3 URLs.

http://www.solutiontoolkituk.info/download/v1273?product_name=2nd Chapter Of Acts - Will You Remember Me&filesize=483.72Mb&product_title=2nd Chapter Of Acts - Will You Remember Me&installer_file_name=2nd Chapter Of Acts - Will You Remember Me&product_file_name=2nd Chapter Of Acts - Will You Remember Me mp3&reffer=http://images.amplified.com/FLVStream/Catalog/141734a5-4d3f-46fe-86cc-edb7c07346c4/Product/7581996d-6d9f-40a3-9e45-a458b559e319/017627129854_01_010_mp3_128k_30sec_0003_102.mp3&AddToPayload="StepReport="1" StepReportUrl="r1.downlload.in" StepReportUrl1="r1.getapplicationmy.info""&product_download_url=<ServerUrl>/.../error.txt&uuid=bvTL0UTdE8E6TP1gtjmEKaMQOWLRdZjlj6NLb6qZBZVUu0mOWN2Nj1RGok3i0awSvIMbz8ib4jMw59M44rXRCz8N9lp3sBsPGptUnYHpesnLeUSzrNZdhhTGb9F2CLJsviDkdx99WKuORAQn2NZ29g9YKwbAIGCxLQcVgFxfGRph5OmlZevsX1w3q28dZtAZxTKSVuSHNik5Ma1AxIxh7gKHj1jt1vuJMeYxexFrcV5zZGSKwdGFKQf1yqsP5NSoFPSx6JgTawc7JUForRHInUvrO55vrUQ9nE7S0qtDJ72189

http://www.solutiontoolkituk.info/v1273?product_name=2nd Chapter Of Acts - Will You Remember Me&filesize=483.72Mb&product_title=2nd Chapter Of Acts - Will You Remember Me&installer_file_name=2nd Chapter Of Acts - Will You Remember Me&product_file_name=2nd Chapter Of Acts - Will You Remember Me mp3&reffer=http://images.amplified.com/FLVStream/Catalog/141734a5-4d3f-46fe-86cc-edb7c07346c4/Product/.../017627129854_01_010_mp3_128k_30sec_0003_102.mp3

http://www.mp3olimp.net/out.php?type=downloadmanager&title=2nd Chapter Of Acts - Will You Remember Me&size=483.72&filename=2nd Chapter Of Acts - Will You Remember Me&product_filename=2nd Chapter Of Acts - Will You Remember Me&url=http://images.amplified.com/FLVStream/Catalog/141734a5-4d3f-46fe-86cc-edb7c07346c4/Product/.../017627129854_01_010_mp3_128k_30sec_0003_102.mp3

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to r1.stylezip.info (54.186.255.26:80)

Remove 2nd chapter of acts - will you remember me.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.