home

converted file.exe

Itzhak Shternberg

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application converted file.exe, “Installer for Teddy App” by Itzhak Shternberg has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.
Publisher:
Teddy App  (signed by Itzhak Shternberg)

Product:
Teddy App

Description:
Installer for Teddy App

Version:
2014.7.3.1536

MD5:
58c23f765cbacad659f9b960175dc493

SHA-1:
24ec6d1cee1be1ebacd38242be2ee26490552c0c

SHA-256:
90d85d2eedd906d58173f9286e60ee316c02b02c4d618e39e617f011f4c4be6d

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/24/2024 4:27:17 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.AntiFW
7.1.1

AhnLab V3 Security
PUP/Win32.TSULoader
2014.07.23

Avira AntiVirus
TR/Kazy.348128.4
7.11.163.102

avast!
Win32:InstalleRex-CG [PUP]
140617-1

AVG
Generic
2015.0.3405

Bkav FE
W32.FamVT.AntiFWK.Trojan
1.3.0.4959

Clam AntiVirus
Win.Trojan.Installerex-101
0.98/19185

Comodo Security
Application.Win32.InstalleRex.KG
18936

Dr.Web
Trojan.WebPick.2735
9.0.1.05190

ESET NOD32
Win32/InstalleRex.M potentially unwanted application
7.0.302.0

G Data
Win32.Application.InstalleRex
14.7.24

IKARUS anti.virus
AdWare.SaveNet
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.181.12806

Kaspersky
Trojan.Win32.AntiFW
15.0.0.494

NANO AntiVirus
Riskware.Win32.InfoLeak.cvgqot
0.28.2.60990

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Quick Heal
Trojan.AntiFW.A5
7.14.14.00

Reason Heuristics
Adware.WebPick.Installer.T
14.7.22.13

Sophos
MultiPlug
4.98

VIPRE Antivirus
Threat.4150696
31208

File size:
326.3 KB (334,088 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 Teddy App

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\converted file.exe

Digital Signature
Signed by:
Itzhak Shternberg

Authority:
COMODO CA Limited

Valid from:
7/17/2013 2:00:00 PM

Valid to:
7/18/2014 1:59:59 PM

Subject:
CN=Itzhak Shternberg, O=Itzhak Shternberg, STREET=Belkind 2, L=Tel Aviv, S=Tel Aviv, PostalCode=62154, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
54990006BE4A0F29ECCD7EE2F93DC0FC

File PE Metadata
Compilation timestamp:
3/11/2013 10:51:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:+rObUzkuvcBYC47l2xVGt+5qfiy1xAbxWEksxBXy0tzUU2:+rnkuveY3/c5ti4x5pXy0toU2

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 
[+]

Entropy:
7.9294

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove converted file.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.