» BackgroundEngine.exe
Overview
Analysis
File Details
Behaviors (1)

BackgroundEngine.exe

Background Engine Script

Fedorov Paul

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application BackgroundEngine.exe by Fedorov Paul has been detected as adware by 2 anti-malware scanners.

File name:

Publisher:

Fedorov Paul (signed and verified)

Product:

Background Engine Script

Version:

1.0.0.1

MD5:

f213244c384006d5f2b65c1406ed2405

SHA-1:

0e574442668af01ceecc227f773d2768a6e6c31b

SHA-256:

6a8afc9f8fc2b32e134ad713c3740bc776704ee1fd7f2d5306826f6f29320d6c

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/26/2024 9:13:16 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.BGuard.31

9.0.1.0268

Reason Heuristics

PUP.Webpick.FedorovPaul (M)

15.9.25.16

File size:

289.7 KB (296,696 bytes)

Product version:

1.0.0.1

Original file name:

BackgroundEngine.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\gigabase\basement\backgroundengine.exe

Digital Signature

Signed by:

Fedorov Paul

Authority:

Thawte, Inc.

Valid from:

8/28/2012 3:00:00 AM

Valid to:

8/29/2013 2:59:59 AM

Subject:

CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata

Compilation timestamp:

10/27/2012 9:20:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:heokY2zlAHj1Dk/7iJtqtQvi0rX25GqMLgAQN2fBnkHZjqGsq9+vWdXfl0ru:ozqHj1DlVNrG5GrLgA7WZj3sq0Ciu

Entry address:

0x1F5C9

Entry point:

E8, A3, 7A, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, C8, BE, 43, 00, E8, 55, 04, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 1C, E8, 9D, 0A, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 25, 0A, 00, 00, 83, C4, 14, 33, C0, EB, 7B, 33, C0, 8B, 7D, 0C, 3B, FE, 0F, 95, C0, 3B, C6, 74, D6, 33, C0, 66, 39, 37, 0F, 95, C0, 3B, C6, 74, CA, E8, 43, 7F, 00, 00, 89, 45, 08, 3B, C6, 75, 0D, E8, 5B, 0A, 00, 00, C7, 00, 18, 00, 00, 00, EB, C9, 89, 75, FC, 66, 39, 33, 75, 20... 
[+]

Code size:

198 KB (202,752 bytes)

Internet Explorer Menu Extension

Name:

&Leave a note for Been users

Remove BackgroundEngine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.