aplicaciones de pago android segunda parte.exe

Alexnader Rogozin

The application aplicaciones de pago android segunda parte.exe, “Installer for EZSoftware” by Alexnader Rogozin, has been detected as adware by 16 anti-malware scanners. The program is a setup application built with Tarma Installer. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. The file has been seen being downloaded from applicationgrabb.net.

Publisher:
EZSoftware (signed by Alexnader Rogozin)

Product:
EZSoftware

Description:
Installer for EZSoftware

Version:
2014.7.23.2001

MD5:
32c2be4b5a977c3c698cf7e0f9a3e7bb

SHA-1:
a1e80aae333d1b707056de0c4353eb776593c766

SHA-256:
170fd90510fcd062304f7ad91a5bb945b4cb55b2dc9316afcc25180bf16316c2

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/26/2024 9:46:28 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.AntiFW | 7.1.1 |
| Avira AntiVirus | TR/Kazy.324119.50 | 7.11.164.56 |
| avast! | Win32:InstalleRex-CM [PUP] | 140617-1 |
| Bkav FE | W32.FamVT.AntiFWK.Trojan | 1.3.0.4959 |
| Comodo Security | Application.Win32.InstalleRex.KG | 18997 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| ESET NOD32 | Win32/InstalleRex.M potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.InstalleRex | 14.7.24 |
| Kaspersky | Trojan.Win32.AntiFW | 15.0.0.494 |
| Malwarebytes | PUP.Optional.Installrex | v2014.07.28.03 |
| NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 0.28.2.60990 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.AntiFW.A5 | 7.14.14.00 |
| Reason Heuristics | Adware.WebPick.Installer.k | 14.7.28.3 |
| Vba32 AntiVirus | Downware.TSU | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
314.3 KB (321,792 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 EZSoftware

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
Tarma Installer

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/26/2014 7:53:30 AM

Valid to:
6/26/2015 7:53:30 AM

Subject:
E=alexnaderrogozin@yandex.ru, CN=Alexnader Rogozin, O=Alexnader Rogozin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
03B69C746B4DCEA02DAF72658C82739E

File PE Metadata
Compilation timestamp:
3/12/2013 3:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:SrfbUzkuvcBYC47l2xMrJO/KNYtlENexAYl47LtOBxLTKgD:SrUkuveY3FVHNYt72gdD

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 

Entropy:
7.9521

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file aplicaciones de pago android segunda parte.exe has been seen being distributed by the following URL.