extension64.dll

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed without consent. The module extension64.dll by Fedorov Paul has been detected as adware by 2 anti-malware scanners.
Publisher:
Fedorov Paul  (signed and verified)

Version:
1.0

MD5:
90eea4e2cef58f81afd09d41ca8a695a

SHA-1:
59b0e6ee429a46f005ef8b4c4d70eee3d94c72ea

SHA-256:
001e9b648897e0c0d7c4aee66f01529f44bc17f7861b6b4221a749e8e88dc15c

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 9:52:28 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.BGuard.31 | 9.0.1.0225
Reason Heuristics | PUP.Webpick.FedorovPaul (M) | 15.8.13.17

File size:
490.6 KB (502,400 bytes)

Product version:
1.0

Original file name:
Extension.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\gigabase\basement\extension64.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 3:00:00 AM

Valid to:
8/29/2013 2:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata
Compilation timestamp:
6/5/2013 9:59:04 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:7tjK8nGLgvka7IGj0mLmKhQ4syILntTRolBsnQ1crNiP+5TEh1bXT2ycTB6N2lKr:pNSzGth4yILtT6lKYG5TY5cTB62sQIOa

Entry address:
0x3C714

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 43, 65, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 41, 54, 41, 55, 48, 83, EC, 40, 48, 89, 64, 24, 30, 45, 8B, E0, 48, 8B, FA, 48, 8B, F1, 45, 33, ED, 41, 8B, C5, 49, 3B, CD, 0F, 95, C0, 41, 3B, C5, 75, 26, E8, 59, 24, 00, 00, C7, 00, 16, 00, 00, 00, 4C, 89, 6C...
 

Code size:
332 KB (339,968 bytes)
