368210b63f39f.exe

Andrey Hmelnikov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 368210b63f39f.exe by Andrey Hmelnikov has been detected as adware by 9 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Andrey Hmelnikov  (signed and verified)

MD5:
6eff8c65c001da81a9d692858ac67fe9

SHA-1:
e6ac11433afdf64c874eb5b848e25595998cf315

SHA-256:
9ace65323e3b7280f0d812ce069561f69eace8cfe8955975f73167e1e5537164

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/26/2024 8:01:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.11.27 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen7 | 7.11.189.28 |
| AVG | Adware Generic6.DT | 2014.0.4189 |
| Comodo Security | Application.Win32.Multiplug.CT | 20202 |
| ESET NOD32 | Win32/Adware.MultiPlug.DW application | 7.0.302.0 |
| Malwarebytes | PUP.Optional.Unizeto | v2014.11.26.11 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.djicag | 0.28.6.63726 |
| Reason Heuristics | PUP.AndreyHmelnikov.N | 14.11.26.13 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |

File size:
984.9 KB (1,008,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\368210b63f39f.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 8:25:04 AM

Valid to:
6/23/2015 8:25:04 AM

Subject:
E=Andrey.Hmelnikov@hotmail.com, CN=Andrey Hmelnikov, O=Andrey Hmelnikov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
727B500ADD12D49F610A094EBFE02E4B

File PE Metadata
Compilation timestamp:
8/2/2013 1:50:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:h59lxKVGtpjtm2HNcrpeCh4O3ec1O8WyBTr60EZTRA6F1:b9lxKVGtLm2Sr1HyIu0EZtAe

Entry address:
0x43827

Entry point:
E8, 20, 39, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 44, 4F, 00, E8, 53, 11, 00, 00, E8, ED, 3A, 00, 00, 0F, B7, F0, 6A, 02, E8, B3, 38, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C2, 09, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.2767

Code size:
300.5 KB (307,712 bytes)
