BackgroundEngine.exe

Background Engine Script

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application BackgroundEngine.exe by Fedorov Paul has been detected as adware by 2 anti-malware scanners.
Publisher:
Fedorov Paul  (signed and verified)

Product:
Background Engine Script

Version:
1.0.0.1

MD5:
1cc4043d12b1c3ba79fee2a52c234fdd

SHA-1:
486576f39ffb024b999ae6d56e73f862e8d84b15

SHA-256:
28c873e22b573119b8ae97943a6c0df7184b28f953c96596b7695f98a803b73f

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 3:45:58 PM UTC  (today)

Scan engine          Detection                      Engine version
Dr.Web               Adware.BGuard.31               9.0.1.034
Reason Heuristics    PUP.Webpick.FedorovPaul (M)    16.2.3.6

File size:
290.6 KB (297,608 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
BackgroundEngine.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gigabase\basement\backgroundengine.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/30/2013 3:00:00 AM

Valid to:
10/17/2014 2:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4775A986F383176992FD70C1405B2DEA

File PE Metadata
Compilation timestamp:
6/5/2013 9:58:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:pqqD9MW3229+KF3qVGoeaYLP4JcRuKrn/LTSN/BKNyLihQvul8bChZtKHZjPBLi5:5G29L3JLPrRuKTLWKWZjJLimOvl

Entry address:
0x1F739

Entry point:
E8, 73, 7A, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 88, BF, 43, 00, E8, 55, 04, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 1C, E8, 9D, 0A, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 25, 0A, 00, 00, 83, C4, 14, 33, C0, EB, 7B, 33, C0, 8B, 7D, 0C, 3B, FE, 0F, 95, C0, 3B, C6, 74, D6, 33, C0, 66, 39, 37, 0F, 95, C0, 3B, C6, 74, CA, E8, 13, 7F, 00, 00, 89, 45, 08, 3B, C6, 75, 0D, E8, 5B, 0A, 00, 00, C7, 00, 18, 00, 00, 00, EB, C9, 89, 75, FC, 66, 39, 33, 75, 20...
 

Code size:
198.5 KB (203,264 bytes)
