bd10f.exe

Andrey Hmelnikov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application bd10f.exe by Andrey Hmelnikov has been detected as adware by 21 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher: Andrey Hmelnikov (signed and verified)
MD5: 3b2511265f786e629478f28d30bd52ea
SHA-1: dc2c6f05dcce4a3e012deab153cdc296f1698a03
SHA-256: cfbdb5c9d3c9bdc3a0db05f674784ef4854b55e44bf908351f206a0334d0a756
Scanner detections: 21 / 68
Status: Adware
Analysis date: 4/26/2024 3:36:11 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.21 | 6213306 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.12.22 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen4 | 7.11.197.30 |
| avast! | Win32:MultiPlug-PB [PUP] | 141214-1 |
| AVG | Generic6 | 2015.0.3253 |
| Bitdefender | Gen:Variant.Adware.Mplug.21 | 1.0.20.1780 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.21 | 9.0.0.4668 |
| ESET NOD32 | Win32/Adware.MultiPlug.ED application | 7.0.302.0 |
| F-Prot | W32/S-9f013954 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mplug.21 | 5.13.68 |
| G Data | Gen:Variant.Adware.Mplug.21 | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.188.14410 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Unizeto | v2014.12.22.06 |
| McAfee | Program.MultiPlug-FTA | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.21 | 15.0.0.1068 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dkwqds | 0.28.6.64267 |
| Norman | Gen:Variant.Adware.Mplug.21 | 04.12.2014 14:30:06 |
| Reason Heuristics | PUP.AndreyHmelnikov.F | 14.12.22.6 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.09 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |

File size: 1.2 MB (1,237,880 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\bd10f.exe

Digital Signature
Authority: Unizeto Technologies S.A.
Valid from: 6/23/2014 8:25:04 AM
Valid to: 6/23/2015 8:25:04 AM
Subject: E=Andrey.Hmelnikov@hotmail.com, CN=Andrey Hmelnikov, O=Andrey Hmelnikov, C=RU
Issuer: CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Serial number: 727B500ADD12D49F610A094EBFE02E4B

File PE Metadata
Compilation timestamp: 7/9/2012 2:13:57 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 24576:et0XSiU5LIgrHuqLoIAgGF2HnWAecAebMa:eZR5UUH3LVrvP
Entry address: 0x1CB77
Entry point: E8, 50, 39, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, B4, 52, 00, E8, 83, 11, 00, 00, E8, 1D, 3B, 00, 00, 0F, B7, F0, 6A, 02, E8, E3, 38, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F5, 09, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size: 330 KB (337,920 bytes)
