af9e57.exe

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application af9e57.exe by Polyanskaya Irina has been detected as adware by 13 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.ussool.info and multiple other hosts.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
4cc536e4395ca42ebc726713a60c90fa

SHA-1:
028bbfb25368b762cf9ef56c642cfd801d30d3da

SHA-256:
409c66ae12c6e62cf449a33370af1f46184c063bb03ccb9b1a1b8caf3851a8a1

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
5/17/2024 3:49:09 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Vonteera | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150925 |
| Baidu Antivirus | Adware.Win32.Vonteera | 4.0.3.15925 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt | 21701 |
| ESET NOD32 | Win32/AdWare.Vonteera (variant) | 9.11447 |
| Fortinet FortiGate | Riskware/Vonteera | 9/25/2015 |
| K7 AntiVirus | Adware | 13.202.15538 |
| McAfee | Artemis!4CC536E4395C | 5600.6631 |
| Reason Heuristics | PUP.WebPick.PolyanskayaIrina (M) | 15.9.25.22 |
| Trend Micro House Call | ADW_Vonteera | 7.2.268 |
| Trend Micro | ADW_Vonteera | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39190 |

File size:
3.1 MB (3,219,536 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\af9e57.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 5:00:00 PM

Valid to:
8/25/2015 4:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
3/4/2015 1:27:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:o9NBHLheTD3C45SO2jDqsLntB8cjdWFjsoD56DbXuqv2LudberyKWpYpbmpJyc93:ovBrheT7HajnpjAFj56eu2qKizj93

Entry address:
0x590000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 30, 16, 00, 2D, E0, C5, A6, 05, 05, D7, C5, A6, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 6D, 28, EB, 3E, 68, AF, 0E, 66, 5F, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, B2, B1, 41, 9E, 1B, D4, 0B, D2, 3F, C6, 72, B7, E7, 59, 31, 4E...

Entropy:
7.9773  (probably packed)

Code size:
168 KB (172,032 bytes)

The file af9e57.exe has been seen being distributed by the following 3 URLs.

http://www.ussool.info/.../30bb75.exe

http://www.ussool.info/.../a427eee4.exe
