3a54.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 3a54.exe by Stepan Rybin has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
da889181df301e1e682414c7e1a7056f

SHA-1:
64e0464151547823e1aac49508e4def8afc77926

SHA-256:
300d198d8c867d414341c3dce3807d3f91ed93d5dad7f98c9093dfb7d38df77a

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 7:33:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.04.01 |
| avast! | Win32:Dropper-gen [Drp] | 150319-1 |
| AVG | Adware Generic_r.ABT | 2014.0.4311 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21608 |
| Dr.Web | Trojan.Crossrider1.22656 | 9.0.1.05190 |
| ESET NOD32 | Win32/Adware.MultiPlug.GD (variant) | 9.11409 |
| Fortinet FortiGate | Riskware/MultiPlug | 4/1/2015 |
| F-Prot | W32/S-5d0572ce | v6.4.7.1.166 |
| G Data | Win32.Adware.Multiplug.AL | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15449 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Bundler | v2015.04.01.07 |
| McAfee | Program.MultiPlug-FWZ | 16.8.708.2 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dplxdh | 0.30.8.659 |
| Reason Heuristics | PUP.WebPick | 15.4.1.7 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15330 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |

File size:
471.2 KB (482,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\3a54.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 10:37:40 AM

Valid to:
6/27/2015 10:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
11/22/2013 12:42:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:K3qHgWiPzkqxn4cBFg45F47MVtJGOwD0msh1kIaNfcLaNSygfkOhn/zSUStnXk3h:3g3PwqNFgz4VtdmshdaNw5eXKT

Entry address:
0x4525B

Entry point:
E8, D0, 1F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 02, 45, 00, E8, DF, 24, 00, 00, E8, 9D, 21, 00, 00, 0F, B7, F0, 6A, 02, E8, 63, 1F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 28, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
297 KB (304,128 bytes)
