extie_setup.exe

file software needed usage as

Sergiy Maratov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application extie_setup.exe by Sergiy Maratov has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
is a applications related  (signed by Sergiy Maratov)

Product:
file software needed usage as

Version:
9.7.0.0

MD5:
206cf0b5e47fd8394e6a03ed9d7faee9

SHA-1:
46f1d912a185e7e906f4fd396b68afe832444f35

SHA-256:
ea6eefb899e51104826ff472a27aa353400f084ae57c355ee26f23f47b163494

Scanner detections:
23 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 4:23:17 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.103 | 922 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.07.29 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.164.60 |
| avast! | Win32:MultiPlug-BF [PUP] | 140617-1 |
| AVG | Generic | 2015.0.3400 |
| Bitdefender | Gen:Variant.Adware.Dropper.103 | 1.0.20.1045 |
| Comodo Security | Application.Win32.Multiplug.R | 18997 |
| Dr.Web | Trojan.Crossrider.25920 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.103 | 8.14.07.28.10 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AG application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Dropper.103 | 11.2014-28-07_2 |
| G Data | Gen:Variant.Adware.Dropper.103 | 14.7.24 |
| IKARUS anti.virus | AdWare.EzDownloader | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.181.12846 |
| Malwarebytes | PUP.Optional.Multiplug | v2014.07.28.10 |
| McAfee | PUP-FLT | 5600.7056 |
| MicroWorld eScan | Gen:Variant.Adware.Dropper.103 | 15.0.0.627 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dchfuf | 0.28.2.60990 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.28.10 |
| Reason Heuristics | PUP.Installer.SergiyMaratov.L | 14.7.28.9 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
1.9 MB (1,943,400 bytes)

Product version:
9.7.0.0

Copyright:
Copyright (c) 2014

Original file name:
of

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\extie_setup.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/24/2014 6:43:54 AM

Valid to:
6/24/2015 6:43:54 AM

Subject:
E=SergiyIvanovich@hotmail.com, CN=Sergiy Maratov, O=Sergiy Maratov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
774A5B60838D600A3706CAB0BC5A6286

File PE Metadata
Compilation timestamp:
7/14/2014 6:41:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:5JJttkHVoj0d1vIAPvyx0kh2DVWTI3oynG9iLwY9O:hjIxIqvLkhIVWxyniiLwYQ

Entry address:
0x1750B

Entry point:
E8, 87, 7C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, CE, 42, 00, E8, 6F, 0D, 00, 00, E8, A2, 03, 00, 00, 0F, B7, F0, 6A, 02, E8, 1A, 7C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 53, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
135 KB (138,240 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)
