9bb0.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 9bb0.exe by Stepan Rybin has been detected as adware by 24 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
df30496dd860aad5f2d051675527e1f0

SHA-1:
caa14ac7a59671e6dfca24fc7aa6291c46a0612e

SHA-256:
a1443a8d9256846f7d856a73b310e3c86b9616e0bc9d26208fff664732bdc1c9

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
5/10/2024 2:52:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.8261 | 6766314 |
| AhnLab V3 Security | Adware/Win32.MultiPlug | 2015.03.06 |
| Avira AntiVirus | PUA/MultiPlug.11245 | 7.11.214.34 |
| avast! | Win32:MultiPlug-TP [PUP] | 150101-1 |
| AVG | Generic6 | 2016.0.3179 |
| Bitdefender | Gen:Variant.Adware.Mikey.8261 | 1.0.20.320 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21309 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.8261 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EZ application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/MultiPlug | 3/5/2015 |
| F-Prot | W32/S-edc2b943 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 5.13.68 |
| G Data | Gen:Variant.Adware.Mikey.8261 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15176 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MultiPlug | v2015.03.05.10 |
| McAfee | Program.MultiPlug-FVZ | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.8261 | 16.0.0.192 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.doekta | 0.30.0.296 |
| Reason Heuristics | PUP.WebPick | 15.3.5.22 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15303 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.11 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |

File size:
1018.7 KB (1,043,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\9bb0.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 4:37:40 AM

Valid to:
6/27/2015 4:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
9/26/2012 6:57:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:GqjWdELl7d26DkztnxCmQ9hSm7pL+OU7VK2EoXJy:9jWAE6A5x0hSml+xRK2PXQ

Entry address:
0xC9901

Entry point:
E8, A7, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, CE, 4D, 00, E8, B9, 18, 00, 00, E8, 74, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 3A, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E9, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.5681

Code size:
826.5 KB (846,336 bytes)
