9zksafjt.exe

system

Itzhak Shternberg

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file 9zksafjt.exe by Itzhak Shternberg has been detected as adware by 28 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. It is also typically executed from the user's temporary directory.
Publisher:
the all are  (signed by Itzhak Shternberg)

Product:
system

Version:
9.0.0.0

MD5:
59cade72660247eb7591ad4ec9138248

SHA-1:
3811361bdabcf9ee101b3fb479d44abc72c03abf

SHA-256:
df83003eba6079f0e0c91e789e9bb8c244814657fd33caadb4f3f3674baf65cf

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
5/1/2024 8:45:43 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Dropper.103
870

Agnitum Outpost
PUA.MultiPlug
7.1.1

AhnLab V3 Security
PUP/Win32.Graftor
2014.09.18

Avira AntiVirus
ADWARE/Adware.Gen
7.11.173.16

avast!
Win32:InstalleRex-CG [PUP]
140908-2

AVG
Generic
2015.0.3348

Bitdefender
Gen:Variant.Adware.Dropper.103
1.0.20.1300

Clam AntiVirus
Win.Adware.Graftor-173
0.98/21411

Comodo Security
Application.Win32.Multiplug.GETF
19546

Dr.Web
Adware.Downware.5948
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Dropper.103
14.09.17

ESET NOD32
Win32/AdWare.MultiPlug.AP application
7.0.302.0

F-Prot
W32/S-6ec5a763
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Dropper.103
11.2014-17-09_4

G Data
Gen:Variant.Adware.Dropper.103
14.9.24

K7 AntiVirus
Unwanted-Program
13.183.13407

Kaspersky
not-a-virus:HEUR:WebToolbar.Win32.Cossder
14.0.0.3236

Malwarebytes
PUP.Optional.Preload
v2014.09.17.08

McAfee
PUP-FIC
5600.7004

MicroWorld eScan
Gen:Variant.Adware.Dropper.103
15.0.0.780

NANO AntiVirus
Riskware.Win32.MultiPlug.dcemaf
0.28.2.62151

nProtect
Trojan-Clicker/W32.MultiPlug.813288
14.09.17.01

Panda Antivirus
PUP/TSUploader
14.09.17.08

Reason Heuristics
PUP.ItzhakShternberg.M
14.9.17.18

Sophos
MultiPlug
4.98

Vba32 AntiVirus
AdWare.MultiPlug
3.12.26.3

VIPRE Antivirus
Threat.4753027
32938

Zillya! Antivirus
Adware.Cossder.Win32.21
2.0.0.1926

File size:
794.2 KB (813,288 bytes)

Product version:
9.0.0.0

Copyright:
Copyright (c) 2014

Original file name:
all A

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\9zksafjt.exe.part

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/18/2013 1:00:00 AM

Valid to:
7/19/2014 12:59:59 AM

Subject:
CN=Itzhak Shternberg, O=Itzhak Shternberg, STREET=Belkind 2, L=Tel Aviv, S=Tel Aviv, PostalCode=62154, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
54990006BE4A0F29ECCD7EE2F93DC0FC

File PE Metadata
Compilation timestamp:
7/11/2014 10:12:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NEN60qc2VV3cQgZBtAtgGBKwtm5fTtRCA7q:+ac2VV32ZQayaTt77q

Entry address:
0x1602E

Entry point:
E8, 6B, 75, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, BD, 42, 00, E8, 3C, 27, 00, 00, E8, BC, 0E, 00, 00, 0F, B7, F0, 6A, 02, E8, FE, 74, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A0, 3A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.6937

Code size:
140 KB (143,360 bytes)
