» 5ed43fe.exe
Overview
Analysis
File Details
Downloads (10)

5ed43fe.exe

Georgi Georgiev

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 5ed43fe.exe by Georgi Georgiev has been detected as adware by 30 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.golgool.info and multiple other hosts.

File name:

5ed43fe.exe

Publisher:

Georgi Georgiev (signed and verified)

MD5:

fd560882ab075a953a37f814aaa51b5f

SHA-1:

e8f7651066614c1471c9c2af72450ba8dfaeeb16

SHA-256:

45521f368923cfbd72d692f9ed6f18803c8b22af9637d2113c9a05e707f8d5c3

Scanner detections:

30 / 68

Status:

Adware

Analysis date:

5/27/2024 8:05:14 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.113278

465

Agnitum Outpost

PUA.Vonteera

7.1.1

AhnLab V3 Security

Adware/Win32.Vonteera

2015.05.03

avast!

Win32:Adware-gen [Adw]

2014.9-151028

AVG

Generic

2016.0.2943

Baidu Antivirus

PUA.Win32.Agent

4.0.3.151028

Bitdefender

Gen:Variant.Zusy.113278

1.0.20.1505

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

ApplicUnwnt

21978

Dr.Web

Trojan.DownLoader12.30328

9.0.1.0301

Emsisoft Anti-Malware

Gen:Variant.Zusy.113278

8.15.10.28.01

ESET NOD32

Win32/AdWare.Vonteera (variant)

9.11566

Fortinet FortiGate

Riskware/Vonteera

10/28/2015

F-Prot

W32/S-c6367e9e

v6.4.7.1.166

F-Secure

Gen:Variant.Zusy.113278

11.2015-28-10_4

G Data

Gen:Variant.Zusy.113278

15.10.25

K7 AntiVirus

Adware

13.203.15784

Kaspersky

not-a-virus:AdWare.Win32.Vonteera

14.0.0.1210

McAfee

Artemis!FD560882AB07

5600.6599

MicroWorld eScan

Gen:Variant.Zusy.113278

16.0.0.903

NANO AntiVirus

Riskware.Win32.Vonteera.dmpbga

0.30.24.1357

Norman

VMProtect.W

11.20151028

Panda Antivirus

Trj/CI.A

15.10.28.01

Quick Heal

PUA.Georgigeor.Gen

10.15.14.00

Reason Heuristics

PUP.WebPick.GeorgiGeorgiev (M)

15.10.28.1

Sophos

Generic PUA OI

4.98

Trend Micro House Call

TROJ_GEN.R02KC0EB115

7.2.301

Trend Micro

TROJ_GEN.R02KC0EB115

10.465.28

Vba32 AntiVirus

AdWare.Vonteera

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

39884

File size:

2.1 MB (2,179,152 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\5ed43fe.exe

Digital Signature

Signed by:

Georgi Georgiev

Authority:

COMODO CA Limited

Valid from:

6/6/2014 3:00:00 AM

Valid to:

6/6/2016 2:59:59 AM

Subject:

CN=Georgi Georgiev, O=Georgi Georgiev, STREET="4 Petar Stoinov Str., Chelopechene", L=Sofia, S=Sofia, PostalCode=1617, C=BG

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

50E7161B35AEFC4CA801C951BEF0279A

File PE Metadata

Compilation timestamp:

1/15/2015 9:35:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:5slE2dG8cz+0vGDWX3PSckEc0hPMCXLrm3renKAE:uE2Ezq0vGDWX3PSckEcQvXLK36c

Entry address:

0x14DB000

Entry point:

56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, D0, 16, 00, 2D, E0, C5, 9F, 05, 05, D7, C5, 9F, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, D9, E4, FF, 0F, 68, AC, C6, 2D, 6B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, CA, 08, D1, 71, DA, 73, F4, 4D, 20, C0, 25, 0D, 6A, C4, 4B, 1F... 
[+]

Entropy:

7.9737 (probably packed)

Code size:

158.5 KB (162,304 bytes)

The file 5ed43fe.exe has been seen being distributed by the following 10 URLs.

http://www.golgool.info/.../c933f7fd3d.exe

http://www.dolfine.info/.../84b08f0.exe

http://www.golgool.info/.../7b7c297246.exe

http://www.golgool.info/.../5ed43fe.exe

http://www.golgool.info/.../39a8bdf.exe

http://www.dolfine.info/.../69e1734a.exe

http://www.dolfine.info/.../0243d6f72.exe

http://www.dolfine.info/.../e79636de.exe

http://www.dolfine.info/.../0720d2.exe

http://www.golgool.info/.../e0f58cd.exe

Remove 5ed43fe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.