722b.exe

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 722b.exe by Alexey Kurilenko has been detected as adware by 25 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.
Publisher:
Alexey Kurilenko  (signed and verified)

MD5:
3b417bc0c19130417ea88a449ba6c114

SHA-1:
66fbc566bf3b48ffca4d8f191ca3b26abf0118a5

SHA-256:
e877721ac9b7eb4bc19750a1587b09ba89810bd8f91c0364992667fc195326b0

Scanner detections:
25 / 68

Status:
Adware

Explanation:
JustPlugIt cross-browser extension/BHO, delivered via an adware installer (WebPick InstalleRex); includes a background service (AssistantSvc). Randomizes file names.

Analysis date:
4/19/2024 2:18:12 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.MPlug.29 | 717 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.01.29 |
| Avira AntiVirus | Adware/MultiPlug.aob | 7.11.205.178 |
| avast! | Win32:Agent-AUVV [Trj] | 150101-1 |
| AVG | Generic6 | 2016.0.3215 |
| Bitdefender | Gen:Variant.Adware.MPlug.29 | 1.0.20.240 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 20878 |
| Dr.Web | Trojan.Crossrider.36840 | 9.0.1.048 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.MPlug.29 | 8.15.02.17.11 |
| ESET NOD32 | Win32/Adware.MultiPlug.ED application | 7.0.302.0 |
| F-Prot | W32/S-df3f351d | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.MPlug.29 | 11.2015-17-02_3 |
| G Data | Gen:Variant.Adware.MPlug.29 | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14789 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| McAfee | Program.MultiPlug-FUC | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.MPlug.29 | 16.0.0.144 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dmnxvw | 0.30.0.65070 |
| Panda Antivirus | PUP/TSUploader | 15.01.28.01 |
| Reason Heuristics | PUP.WebPick | 15.1.28.13 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.10 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | JustPlugIt | 37046 |

File size:
1.3 MB (1,368,440 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\722b.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 3:20:17 PM

Valid to:
6/17/2015 3:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
6/26/2012 5:49:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:OJRRA+G9yypWrUJMVlVOSmuM+LJzA0Xd0:mRRA99yy/algj+lA06

Entry address:
0x1738E

Entry point:
E8, 19, 39, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, F4, 45, 00, E8, 4C, 11, 00, 00, E8, E6, 3A, 00, 00, 0F, B7, F0, 6A, 02, E8, AC, 38, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C2, 09, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
356.5 KB (365,056 bytes)
