downloader_for_harvest moom 64.exe

used of

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application downloader_for_harvest moom 64.exe by Stanislav Kabin has been detected as adware by 24 anti-malware scanners.
Publisher:
of a  (signed by Stanislav Kabin)

Product:
used of

Version:
0.8.0.0

MD5:
6e3ed4f22343fffdef21fe313116635a

SHA-1:
92c0962c85b55b7f04d04925b0c3165561608314

SHA-256:
76c00957032b66a75400071c2c7e70aee346662c59f5b2d17e372d84612dfc88

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/25/2024 12:38:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.432869 | 886 |
| AhnLab V3 Security | PUP/Win32.InstallRex | 2014.09.02 |
| Avira AntiVirus | Adware/MultiPlug.aoa | 7.11.170.102 |
| avast! | Win32:PUP-gen [PUP] | 140813-1 |
| AVG | Adware Generic_r.QP | 2014.0.4015 |
| Bitdefender | Gen:Variant.Adware.Kazy.432869 | 1.0.20.1225 |
| Dr.Web | Trojan.Siggen6.21336 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.432869 | 9.0.0.4324 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AQ application | 7.0.302.0 |
| F-Prot | W32/A-1409900d | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy.432869 | 11.2014-02-09_3 |
| G Data | Gen:Variant.Adware.Kazy.432869 | 14.9.24 |
| IKARUS anti.virus | PUA.InstallRex | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.463 |
| Malwarebytes | PUP.Optional.InstallRex | v2014.09.02.12 |
| McAfee | PUP-FMH | 5600.7020 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.432869 | 15.0.0.735 |
| NANO AntiVirus | Trojan.Win32.Siggen6.dcscvl | 0.28.2.61942 |
| Panda Antivirus | Trj/Kazy.AS | 14.09.02.12 |
| Reason Heuristics | PUP.StanislavKabin.EE | 14.9.1.23 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753027 | 32210 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.38896 | 2.0.0.1908 |

File size:
802.9 KB (822,136 bytes)

Product version:
0.8.0.0

Copyright:
Copyright (c) 2014

Original file name:
volume are

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\downloader_for_harvest moom 64.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 4:28:15 AM

Valid to:
6/23/2015 4:28:15 AM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
7/21/2014 4:07:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:KL4tl+lSdtgnr+h4ZkeZCvAl9xOGYOQeAYU:Kctl3dtgrI4ZkeNRf3QxYU

Entry address:
0x1764E

Entry point:
E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, CD, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7600  (probably packed)

Code size:
135.5 KB (138,752 bytes)
