7hg_bm.exe

Kiril Klimko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software (mostly unwanted adware) and may be installed without the user's consent. The application 7hg_bm.exe by Kiril Klimko has been detected as adware by 25 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit; while the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Kiril Klimko  (signed and verified)

MD5:
ce4e4e7706d8edb80ac058abb282a6f4

SHA-1:
de02dafe7960b9722817a3e716e0efe46069afa3

SHA-256:
5b6c3d73d8e6a3c9220f9520e68ad624e31d5e3fe2fa6e25b3a9a23930b418b0

Scanner detections:
25 / 68

Status:
Adware

Explanation:
JustPlugIt cross-browser extension/BHO delivered via an adware installer (WebPick InstalleRex); includes a background service (AssistantSvc). Randomizes file names.

Analysis date:
4/25/2024 6:13:33 AM UTC

Scan engine              Detection                            Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.Dropper.101       1018
Agnitum Outpost          PUA.MultiPlug                        7.1.1
AhnLab V3 Security       Adware/Win32.Agent                   14.04.23
Avira AntiVirus          ADWARE/Adware.Gen7                   7.11.144.234
avast!                   Win32:PUP-gen [PUP]                  2014.9-140423
AVG                      Generic5                             2015.0.3496
Bitdefender              Gen:Variant.Adware.Dropper.101       1.0.20.565
Comodo Security          Application.Win32.Multiplug.R        18153
Dr.Web                   Trojan.Crossrider.5139               9.0.1.0113
Emsisoft Anti-Malware    Gen:Variant.Adware.Dropper.101       8.14.04.23.08
ESET NOD32               Win32/AdWare.MultiPlug (variant)     8.9710
F-Secure                 Gen:Variant.Adware.Dropper.101       11.2014-23-04_4
G Data                   Gen:Variant.Adware.Dropper.101       14.4.24
IKARUS anti.virus        Win32.SuspectCrc                     t3scan.1.6.1.0
K7 AntiVirus             Unwanted-Program                     13.176.11847
Malwarebytes             PUP.Optional.MultiPlug.A             v2014.04.23.08
McAfee                   PUP-FID!CE4E4E7706D8                 5600.7152
MicroWorld eScan         Gen:Variant.Adware.Dropper.101       15.0.0.339
NANO AntiVirus           Trojan.Win32.Crossrider.cwafro       0.28.0.59492
Panda Antivirus          Trj/Genetic.gen                      14.04.23.08
Reason Heuristics        PUP.KirilKlimko.G                    14.4.23.7
Rising Antivirus         PE:Malware.MultiPlug!6.13CF          23.00.65.14421
Sophos                   MultiPlug                            4.98
Vba32 AntiVirus          AdWare.Win64.MultiPlag               3.12.26.0
VIPRE Antivirus          JustPlugIt                           28530

File size:
1.5 MB (1,614,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\7hg_bm.exe

Digital Signature
Signed by:
Kiril Klimko
Authority:
COMODO CA Limited

Valid from:
9/2/2013 5:00:00 PM

Valid to:
9/3/2014 4:59:59 PM

Subject:
CN=Kiril Klimko, O=Kiril Klimko, STREET=Perova 21, L=Kiev, S=Kiev, PostalCode=02125, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4F8445DA07CAF9C24D869920925BA182

File PE Metadata
Compilation timestamp:
3/30/2014 12:48:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:QaqcZ/MotIepuowUynd9fQF2R1bUI5FLGMq92nUE68dP/LDLgDXnH7JuGWmsVK:jZEoRdmW2bYI2M7n68dPTjrmsVK

Entry address:
0x109FB

Entry point:
E8, 3E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 21, 42, 00, E8, 1F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 90, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.8999  (probably packed)

Code size:
103 KB (105,472 bytes)

Remove 7hg_bm.exe - Powered by Reason Core Security