» converted file.exe
Overview
Analysis
File Details

converted file.exe

used of

Stanislav Kabin

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application converted file.exe by Stanislav Kabin has been detected as adware by 32 anti-malware scanners.

File name:

converted file.exe

Publisher:

of a (signed by Stanislav Kabin)

Product:

used of

Version:

0.8.0.0

MD5:

483a9c19f7be3135399b716eb74f30a6

SHA-1:

d2eb30f6a51a2f60a02337b54edc75242813a3b7

SHA-256:

9425c477f5b784d6aea24db45b6794d884eb05205fe5a92af75c3de35eef9e7b

Scanner detections:

32 / 68

Status:

Adware

Analysis date:

4/26/2024 4:42:26 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.432869

6212523

AegisLab AV Signature

AdWare.MSIL.DomaIQ

2.1.4+

AhnLab V3 Security

Adware/Win32.Agent

2014.07.24

Avira AntiVirus

Adware/MultiPlug.aob

7.11.163.164

avast!

Win32:PUP-gen [PUP]

141214-1

AVG

Adware Generic_r.QP

2014.0.4189

Bitdefender

Gen:Variant.Adware.Dropper.103

1.0.20.1775

Clam AntiVirus

Win.Adware.Dropper-8

0.98/19819

Comodo Security

Application.Win32.GreenApp.RR

19031

Dr.Web

Trojan.Siggen6.21336

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.432869

9.0.0.4668

ESET NOD32

Win32/AdWare.MultiPlug.AQ application

7.0.302.0

Fortinet FortiGate

Riskware/Generic.AC.445

12/21/2014

F-Prot

W32/A-853b85bc

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Kazy.432869

5.13.68

G Data

Gen:Variant.Adware.Dropper.103

14.12.24

IKARUS anti.virus

AdWare.SaveNet

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.181.12819

Kaspersky

not-a-virus:AdWare.Win32.MultiPlug

15.0.0.543

Malwarebytes

PUP.Optional.Dropper

v2014.12.21.10

McAfee

Program.PUP-FMH

16.8.708.2

MicroWorld eScan

Gen:Variant.Adware.Dropper.103

15.0.0.1065

NANO AntiVirus

Trojan.Win32.Siggen6.dcscvl

0.28.2.61148

Norman

Gen:Variant.Adware.Kazy.432869

04.12.2014 14:30:06

nProtect

Trojan-Clicker/W32.MultiPlug.808824

14.09.23.01

Panda Antivirus

PUP/TSUploader

14.12.21.10

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.StanislavKabin.O

14.12.21.22

Sophos

PUA 'MultiPlug' (of type Adware)

5.09

Vba32 AntiVirus

AdWare.MultiPlug

3.12.26.3

VIPRE Antivirus

Threat.4150696

31208

Zillya! Antivirus

Backdoor.PePatch.Win32.38896

2.0.0.1930

File size:

789.9 KB (808,824 bytes)

Product version:

0.8.0.0

Original file name:

volume are

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\downloads\super important downloads\converted file.exe

Digital Signature

Signed by:

Stanislav Kabin

Authority:

Unizeto Technologies S.A.

Valid from:

6/23/2014 4:28:15 AM

Valid to:

6/23/2015 4:28:15 AM

Subject:

E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

3469022839E88D596EA6FE14C990AF76

File PE Metadata

Compilation timestamp:

7/21/2014 4:07:58 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:lL4tl+lSJtPiZ0YdlK1BMYYX56DfF/Bh1B/p:lctl3JtaZ0YQMYYwrtB/B/p

Entry address:

0x1764E

Entry point:

E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, CD, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.7615 (probably packed)

Code size:

135.5 KB (138,752 bytes)

Remove converted file.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.