72bd.exe

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 72bd.exe by Stanislav Kabin has been detected as adware by 23 anti-malware scanners. It uses WebPick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. It is typically executed from the user's temporary directory.
Publisher:
Stanislav Kabin  (signed and verified)

MD5:
c8d51be3887d20f8b39794b65f9dc3e9

SHA-1:
22d9d7170c4287931554d99c7e4679eb02d6736b

SHA-256:
e6516cfb1ea08c92868a98de04e7e4205fc875f6b01711aa607faa5a894d0a67

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/19/2024 8:09:06 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.28 | 6505014 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.02.02 |
| Avira AntiVirus | Adware/MultiPlug.aoa | 7.11.206.68 |
| avast! | Win32:InstalleRex-CK [PUP] | 150101-1 |
| AVG | Generic | 2016.0.3212 |
| Bitdefender | Gen:Variant.Adware.Mplug.28 | 1.0.20.160 |
| Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 20920 |
| Dr.Web | Trojan.Crossrider.36840 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.28 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EL application | 7.0.302.0 |
| F-Prot | W32/S-e978168d | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mplug.28 | 5.13.68 |
| G Data | Gen:Variant.Adware.Mplug.28 | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14824 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| McAfee | MultiPlug-FVF | 5600.6868 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.28 | 16.0.0.96 |
| Panda Antivirus | PUP/TSUploader | 15.02.01.05 |
| Reason Heuristics | PUP.StanislavKabin | 15.2.1.5 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.10 |
| Vba32 AntiVirus | Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753027 | 36666 |

File size:
1.1 MB (1,163,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\72bd.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 1:28:15 PM

Valid to:
6/23/2015 1:28:15 PM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
11/23/2012 1:03:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:tb6Aw/e9J8v8Bs1ce7pP2QZjk1qt6X0lXUKnQ4m:tVz80BsespTudmQL

Entry address:
0x1E8EC

Entry point:
E8, 8B, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 05, 46, 00, E8, BE, 0E, 00, 00, E8, 58, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 1E, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.4100

Code size:
363.5 KB (372,224 bytes)
