home

c7bf11b.exe

Andrey Hmelnikov

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application c7bf11b.exe by Andrey Hmelnikov has been detected as adware by 24 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from groupsetzipmyjob.org.
Publisher:
Andrey Hmelnikov  (signed and verified)

MD5:
8f92cc3bd9e4675940d86811688e14aa

SHA-1:
d898d844486914a335916e020e45cc9e5d43cc7c

SHA-256:
395dcc3640d984a2394606f48afa51e94e6eb62e282dd1d1f8585a75ffc0032c

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 6:56:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mplug.30
6375625

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.02.19

Avira AntiVirus
PUA/Multiplug.trou
7.11.211.22

avast!
Win32:MultiPlug-SM [PUP]
150101-1

AVG
Adware Generic6.MHA
2014.0.4257

Bitdefender
Gen:Variant.Adware.Mplug.30
1.0.20.245

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.AdWare.MultiPlug.VA
21126

Dr.Web
Trojan.Crossrider1.17573
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Mplug.30
9.0.0.4799

ESET NOD32
Win32/Adware.MultiPlug.EP application
7.0.302.0

F-Prot
W32/S-7d1b6c10
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mplug.30
5.13.68

G Data
Gen:Variant.Adware.Mplug.30
15.2.25

K7 AntiVirus
Unwanted-Program
13.196.15011

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug
15.0.0.543

McAfee
Program.MultiPlug-FVH
16.8.708.2

MicroWorld eScan
Gen:Variant.Adware.Mplug.30
16.0.0.147

NANO AntiVirus
Trojan.Win32.Badur.dnvjsh
0.30.0.126

Panda Antivirus
Generic Suspicious
15.02.18.02

Reason Heuristics
PUP.WebPick
15.2.18.14

Sophos
PUA 'MultiPlug' (of type Adware)
5.10

Zillya! Antivirus
Adware.MultiPlug.Win32.188631
2.0.0.2073

File size:
1.1 MB (1,148,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{30a45199-dc18-ed6b-30a4-45199dc14667}\c7bf11b.exe

Digital Signature
Signed by:
Andrey Hmelnikov

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 2:25:04 AM

Valid to:
6/23/2015 2:25:04 AM

Subject:
E=Andrey.Hmelnikov@hotmail.com, CN=Andrey Hmelnikov, O=Andrey Hmelnikov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
727B500ADD12D49F610A094EBFE02E4B

File PE Metadata
Compilation timestamp:
6/5/2012 8:38:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:dkVzoT/21yWTn8L0xVVnFV0tYeCAfOAn9lJ5lLP87kq09w/Ky+o9:dkRwu15TnU0tFetYeCAfOE9lnxKl09wh

Entry address:
0x1FCEB

Entry point:
E8, 8C, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, CE, 4F, 00, E8, BF, 0E, 00, 00, E8, 59, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 1F, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.3634

Code size:
346 KB (354,304 bytes)

The file c7bf11b.exe has been seen being distributed by the following URL.

http://groupsetzipmyjob.org/hp/?q=hnLnkDxjPu2h2jlhab7y2HRLAMiGjnN2eIwXbKVwmiQ8s9KJ2QzoLxux2YHLh78ycETA d3pO3RsPfUtmOSbDB/ 99jRtcN7DTpHzc9UcVJLLMA4IAM/lq7TR2n4MJD1GFXFQ47 nnM35gnLwwAitMPAwVZ203QJ6B1qGM98dxCzGUsc60GIIHQ9jTBMgG/vvoCQQocLUmEtGGGhsFrqFq/tLXgmUAay04Orj6ZQl/GSL/2S0dM5hu3D8VMJS3P7fVaId2x8XA9foQySUA1yfyiAEWl/YJy/KdKJFFzE1InLSNmr0ohln6W9girmUbhUkP2zq4PAky1tr3EoWa4NJVPeRAVTAFL bqu69PqPNotQLDzhL1CgAZVyyhdU6gvS9vlVY C8EPPRvHK YWcVg1SQnbK41E61u6OWP9Qa5A5pYEj8/.../TCukPeuO4im4sS65mdIOOqcP2ZMxchY7fTbG0yzT3C6ij&external_id=1423154000746144302

Remove c7bf11b.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.