advanced fix.exe

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles the application a user asked for with offers for additional third-party software, mostly unwanted adware, that may be installed without consent. advanced fix.exe, signed by Alexey Kurilenko, has been detected as adware by 26 of the 68 anti-malware scanners listed below. It persists as a scheduled task under the Windows Task Scheduler, triggered daily at a fixed time, and uses WebPick's InstalleRex download manager and installer to deliver ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. The file carries a valid Authenticode signature (a Certum code-signing certificate issued to Alexey Kurilenko); a valid signature identifies the publisher and nothing more, and the detections below apply regardless of it.
Publisher:
Alexey Kurilenko  (signed and verified)

MD5:
b0f9b09b90f3eaf2ae26b080568ffed5

SHA-1:
248b7055734dd965baa8ef972aafdf7004ce910c

SHA-256:
62101698e855098e5d4311a129186a2c60ce7259f5d43979f07c2d6aca095054

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Uses the InstalleRex installer from WebPick Internet Holdings to install bundled add-ons, including toolbars and other web browser extensions.

Analysis date:
4/26/2024 12:17:23 PM UTC

Scan engine             Detection                                     Engine version
Lavasoft Ad-Aware       Gen:Variant.Adware.Mplug.37                   655
AhnLab V3 Security      PUP/Win32.MultiPlug                           2015.04.22
Avira AntiVirus         TR/Crypt.XPACK.Gen                            3.6.1.96
avast!                  Win32:InstalleRex-CH [PUP]                    150414-0
AVG                     Generic6                                      2016.0.3133
Baidu Antivirus         Adware.Win32.MultiPlug                        4.0.3.15424
Bitdefender             Gen:Variant.Adware.Mplug.37                   1.0.20.555
Dr.Web                  Trojan.Crossrider1.22966                      9.0.1.05190
Emsisoft Anti-Malware   Gen:Variant.Adware.Mplug.37                   9.0.0.4799
ESET NOD32              Win32/Adware.MultiPlug.JE application         7.0.302.0
Fortinet FortiGate      Riskware/MultiPlug                            4/24/2015
F-Secure                Gen:Variant.Adware.Mplug                      5.13.68
G Data                  Gen:Variant.Adware.Mplug.37                   15.4.25
IKARUS anti.virus       PUA.Multiplug                                 t3scan.1.8.9.0
K7 AntiVirus            Unwanted-Program                              13.202.15654
Kaspersky               not-a-virus:AdWare.Win32.MultiPlug            15.0.0.543
McAfee                  MultiPlug-FXP                                 5600.6789
MicroWorld eScan        Gen:Variant.Adware.Mplug.37                   16.0.0.333
NANO AntiVirus          Riskware.Win32.MultiPlug.dqwybn               0.30.20.1219
Panda Antivirus         PUP/TSUploader                                15.04.21.02
Qihoo 360 Security      HEUR/QVM10.1.Malware.Gen                      1.0.0.1015
Quick Heal              PUA.Alexeykuri.Gen                            4.15.14.00
Reason Heuristics       Threat.WebPick.AlexeyKurilenko                15.4.20.22
Sophos                  MultiPlug                                     4.98
Vba32 AntiVirus         suspected of Heur.Malware-Cryptor.Multiplug   3.12.26.3
VIPRE Antivirus         Threat.4786450                                39354

File size:
380.4 KB (389,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{e152888d-24f3-c51d-e152-2888d24f2234}\advanced fix.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 7:20:17 AM

Valid to:
6/17/2015 7:20:17 AM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
3/16/2012 5:09:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:n8Hu+ciJIIaCzgy53ODn9d6qpM6ev+f6pLQe48wc3+7jyN4iO0wscExqghV4tM6a:niciJIIaCRk9FSN5Ib8cxPS

Entry address:
0x1E69B

Entry point:
E8, 54, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, B4, 43, 00, E8, 5F, 17, 00, 00, E8, 21, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, E7, 11, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C8, 0B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.1902

Code size:
142 KB (145,408 bytes)
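The hashes, entry-point bytes, linker version, compile timestamp and entropy above are the indicators a responder would match a suspect file against. The Python script below is an added example, not part of this listing and not Reason Core Security's tooling; it performs those checks with the standard library only. The indicator values are transcribed from the listing, the reading of "Entry address" as the PE AddressOfEntryPoint is an assumption, and build_test_pe() constructs a synthetic PE32 (not the sample) so the script can be run offline.

```python
"""Offline triage of a file against the indicators on this listing.

Added example, not Reason Core Security's own code; standard library only.
Indicator values are transcribed from the listing; build_test_pe() constructs
a synthetic PE32 (not the sample) so the checks run offline.
"""
import hashlib
import math
import struct
import sys
from dataclasses import dataclass
from datetime import datetime, timezone

KNOWN_HASHES = {  # from the listing
    "md5": "b0f9b09b90f3eaf2ae26b080568ffed5",
    "sha1": "248b7055734dd965baa8ef972aafdf7004ce910c",
    "sha256": "62101698e855098e5d4311a129186a2c60ce7259f5d43979f07c2d6aca095054",
}
LINKER_VERSION = "11.0"
ENTRY_ADDRESS = 0x1E69B  # assumed to be the PE AddressOfEntryPoint (an RVA)
# First 22 bytes under "Entry point": call rel32; jmp +0; push 0x14; push 0x43B420; call rel32.
ENTRY_PREFIX = bytes([0xE8, 0x54, 0x12, 0x00, 0x00, 0xE9, 0x00, 0x00, 0x00, 0x00, 0x6A, 0x14,
                      0x68, 0x20, 0xB4, 0x43, 0x00, 0xE8, 0x5F, 0x17, 0x00, 0x00])


@dataclass
class PEInfo:
    timestamp: int        # COFF TimeDateStamp, seconds since the Unix epoch
    linker_version: str   # "major.minor" from the optional header
    size_of_code: int     # SizeOfCode from the optional header
    entry_rva: int        # AddressOfEntryPoint
    entry_offset: int     # file offset of the entry point, -1 if outside every section

    @property
    def compiled_utc(self) -> datetime:
        return datetime.fromtimestamp(self.timestamp, tz=timezone.utc)


def parse_pe(data: bytes) -> PEInfo:
    """Read the header fields the listing reports (PE32 and PE32+ share these offsets)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    _, major, minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    entry_offset = -1
    for i in range(nsections):  # section table follows the optional header
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        if va <= entry_rva < va + max(vsize, raw_size):
            entry_offset = raw_ptr + (entry_rva - va)
            break
    return PEInfo(timestamp, f"{major}.{minor}", size_of_code, entry_rva, entry_offset)


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def triage(data: bytes) -> dict:
    """Every check the listing supports, run against raw file bytes."""
    hashes, pe = file_hashes(data), parse_pe(data)
    at_entry = data[pe.entry_offset:pe.entry_offset + len(ENTRY_PREFIX)] if pe.entry_offset >= 0 else b""
    return {
        "hash_match": any(hashes[k] == v for k, v in KNOWN_HASHES.items()),
        "entry_bytes_match": at_entry == ENTRY_PREFIX,
        "entry_rva_match": pe.entry_rva == ENTRY_ADDRESS,
        "linker_match": pe.linker_version == LINKER_VERSION,
        "size_of_code": pe.size_of_code,
        "compiled": pe.compiled_utc.isoformat(),
        "entropy": round(shannon_entropy(data), 4),
    }


def build_test_pe(entry_code: bytes = ENTRY_PREFIX) -> bytes:
    """Constructed minimal PE32 with one .text section; test input only, not the sample."""
    section_va, raw_ptr = 0x1000, 0x200
    code = (b"\x90" * 0x10 + entry_code).ljust(0x200, b"\0")  # entry sits 0x10 bytes into .text
    ts = int(datetime(2012, 3, 16, 17, 9, 22, tzinfo=timezone.utc).timestamp())  # listing's compile time
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)  # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)  # i386, 1 section, 224-byte opt hdr
    opt = struct.pack("<HBBIIII", 0x10B, 11, 0, len(code), 0, 0, section_va + 0x10).ljust(224, b"\0")
    sec = struct.pack("<8sIIII", b".text", len(code), section_va, len(code), raw_ptr).ljust(40, b"\0")
    return (dos + b"PE\0\0" + coff + opt + sec).ljust(raw_ptr, b"\0") + code


if __name__ == "__main__":
    sample = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe()
    for key, value in triage(sample).items():
        print(f"{key:18} {value}")
```

Run it as `python triage.py <file>` against a suspect binary; with no argument it triages the constructed PE, where the entry bytes and linker version match while the hashes do not. A hash match identifies this exact sample; the entry-point bytes and linker version also hit unrelated binaries built with the same toolchain, so treat them as pivots for hunting rather than verdicts.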

Scheduled Task
Task name:
Bidaily Synchronize Task

Trigger:
Daily (Runs daily at 10:02 PM)
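The persistence here is a Task Scheduler entry that launches the executable from a GUID-named folder under C:\ProgramData, the "Common path" above. The Python below is an added example rather than anything from this listing; it parses task definitions in the XML format that `schtasks /query /tn <name> /xml` exports on Windows and flags that pattern. The sample task XML is constructed from the listing's task name, trigger time and path, and the benign task is likewise made up for contrast.

```python
"""Flag scheduled tasks that launch an executable from a {GUID} folder under
C:\\ProgramData, the persistence pattern on this listing.

Added example, not Reason Core Security's own code. Input is the task XML that
`schtasks /query /tn <name> /xml` exports; both task documents below are constructed.
"""
import re
import sys
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Drive letter, ProgramData, then a "{8-4-4-4-12}" directory name, case-insensitive.
GUID_DIR = re.compile(
    r"^[a-z]:\\programdata\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I
)

# Constructed from the listing: task name, daily 22:02 trigger, common path.
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Bidaily Synchronize Task</URI></RegistrationInfo>
  <Triggers>
    <CalendarTrigger>
      <StartBoundary>2015-04-20T22:02:00</StartBoundary>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\\ProgramData\\{e152888d-24f3-c51d-e152-2888d24f2234}\\advanced fix.exe</Command>
    </Exec>
  </Actions>
</Task>"""

# Constructed benign task for contrast: also daily, but the command lives under System32.
BENIGN_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\Microsoft\\Windows\\Defrag\\ScheduledDefrag</URI></RegistrationInfo>
  <Triggers><CalendarTrigger><StartBoundary>2015-04-20T01:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>%windir%\\system32\\defrag.exe</Command></Exec></Actions>
</Task>"""


def summarize_task(xml_doc) -> dict:
    """Pull name, command, trigger and a verdict out of one exported task definition (str or bytes)."""
    root = ET.fromstring(xml_doc)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=NS)
    command = root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS)
    start = root.findtext("t:Triggers/t:CalendarTrigger/t:StartBoundary", default="", namespaces=NS)
    daily = root.find("t:Triggers/t:CalendarTrigger/t:ScheduleByDay", NS) is not None
    return {
        "name": uri.lstrip("\\"),
        "command": command,
        "daily": daily,
        "start_time": start[11:16] if len(start) >= 16 else "",  # HH:MM out of the ISO timestamp
        "suspicious": bool(GUID_DIR.match(command)),
    }


def scan_tasks(xml_documents) -> list:
    """Summaries of every task whose command runs from a ProgramData {GUID} folder."""
    return [s for s in map(summarize_task, xml_documents) if s["suspicious"]]


if __name__ == "__main__":
    # schtasks exports are UTF-16 with an XML declaration; feeding bytes lets ET honour it.
    docs = [open(p, "rb").read() for p in sys.argv[1:]] or [SAMPLE_TASK_XML, BENIGN_TASK_XML]
    for hit in scan_tasks(docs):
        print(f"{hit['name']}: runs {hit['command']} (daily={hit['daily']}, at {hit['start_time']})")
```

On a live host, export the task with `schtasks /query /tn "Bidaily Synchronize Task" /xml > task.xml` and pass the file in; the daily trigger alone is not a signal (plenty of Microsoft tasks run daily), so the verdict keys off the command path and reports the trigger only for context.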


Remove advanced fix.exe - Powered by Reason Core Security