3b00.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 3b00.exe by Stepan Rybin has been detected as adware by 24 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
a70821bd738043a7483f65ae682658ad

SHA-1:
63602c417afa7237fe35507dd28678a8af62521e

SHA-256:
73008c15931e6857877527ad0c3074a4d1269e3a90716eea412f3f7010a63399

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/25/2024 12:58:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.MPlug.31 | 6766314 |
| AhnLab V3 Security | Adware/Win32.MultiPlug | 2015.03.06 |
| Avira AntiVirus | PUA/MultiPlug.11245 | 7.11.214.38 |
| avast! | Win32:MultiPlug-TP [PUP] | 150101-1 |
| AVG | Generic6 | 2016.0.3179 |
| Bitdefender | Gen:Variant.Adware.MPlug.31 | 1.0.20.325 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21309 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.MPlug.31 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EZ application | 7.0.302.0 |
| F-Prot | W32/MultiPlug.H.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.MPlug | 5.13.68 |
| G Data | Gen:Variant.Adware.MPlug.31 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15178 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MultiPlug | v2015.03.06.02 |
| McAfee | Program.MultiPlug-FVZ | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.MPlug.31 | 16.0.0.195 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dobvgw | 0.30.0.296 |
| Reason Heuristics | PUP.WebPick | 15.3.6.1 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15304 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.11 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.204486 | 2.0.0.2089 |

File size:
1 MB (1,068,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\3b00.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 9:37:40 AM

Valid to:
6/27/2015 9:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
10/20/2012 9:45:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:MxKdot/Vdvv1cplAMhkT4E3o1tKT/iP27z7u+X9JdHyI2:YKetDvupqMhkEdtJP27z79978

Entry address:
0xCFA51

Entry point:
E8, A7, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, 2E, 4E, 00, E8, B9, 18, 00, 00, E8, 74, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 3A, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E9, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.5545

Code size:
851 KB (871,424 bytes)
