96fa.exe

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 96fa.exe by Alexey Kurilenko has been detected as adware by 14 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. It is typically executed from the user's temporary directory.
Publisher:
Alexey Kurilenko  (signed and verified)

MD5:
e615c96ce8ca371d1f1d0392c6492111

SHA-1:
d5f421a9ef48ccfce95e1e33a03607233bd302e7

SHA-256:
eb5e77f2ebdcde70772f618ecfcb1f6d4417025b1498d1d205db152ef5c7b954

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/19/2024 9:08:32 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/MultiPlug.aob | 7.11.205.178
avast! | Win32:InstalleRex-CH [PUP] | 150126-0
AVG | Generic6 | 2016.0.3215
Bkav FE | W32.0422Infect.PE | 1.3.0.6379
Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 20878
ESET NOD32 | Win32/Adware.MultiPlug.EL application | 7.0.302.0
K7 AntiVirus | Unwanted-Program | 13.193.14789
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543
Microsoft Security Essentials | Threat.Undefined | 1.191.3721.0
Panda Antivirus | PUP/TSUploader | 15.01.28.01
Reason Heuristics | PUP.WebPick | 15.1.28.13
Sophos | PUA 'MultiPlug' (of type Adware) | 5.10
Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3
VIPRE Antivirus | Threat.4786450 | 36666

File size:
1.1 MB (1,168,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\96fa.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 3:20:17 PM

Valid to:
6/17/2015 3:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
10/1/2012 11:04:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:00fbJoGxypnYAOsTwyWKvw1uCqjRSdtuyt3Jf:DNL4pJf7WKvKFqjRwLtZ

Entry address:
0x1AD9A

Entry point:
E8, 8D, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 15, 46, 00, E8, C0, 0E, 00, 00, E8, 5A, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
368 KB (376,832 bytes)
