extie_setup.exe

world information which

Sergiy Maratov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, that may be installed without the user's informed consent. The application extie_setup.exe by Sergiy Maratov has been detected as adware by 31 of 68 anti-malware scanners. The program is a setup application built with the WebPick InstalleRex installer and is typically executed from the user's temporary directory (a {random}.tmp folder under the local AppData Temp path). While running, it connects to r1.stylezip.info (54.186.255.26) on TCP port 80 over HTTP. The file carries a Certum-issued code-signing certificate in the name of Sergiy Maratov; a valid Authenticode signature only ties the binary to that certificate holder and says nothing about the behaviour of the software it bundles.
Publisher:
necessitate like  (signed by Sergiy Maratov)

Product:
world information which

Version:
2.5.0.0

MD5:
b5b14499c9864bfb24b8f9de9ff5298d

SHA-1:
6f18547208eb008bb851525a593cd15b279ae514

SHA-256:
b94d3f638ae08935a31d1d4e35f2fc22a2d69f17934749bc2cb915f588f27d0a

Scanner detections:
31 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/26/2024 9:40:05 PM UTC
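To confirm that a file on disk is the sample catalogued here, compute the same three digests and compare them with the MD5, SHA-1 and SHA-256 values listed above. The following Python is an added example, not code from this page or from Reason Core Security; the only names it introduces are its own helpers (hash_bytes, hash_file, match_listed, size_matches, is_catalogued_sample), and the listed hashes and file size are copied from the record above.

```python
import hashlib

# Digests and size of extie_setup.exe as listed in this record.
LISTED_HASHES = {
    "md5": "b5b14499c9864bfb24b8f9de9ff5298d",
    "sha1": "6f18547208eb008bb851525a593cd15b279ae514",
    "sha256": "b94d3f638ae08935a31d1d4e35f2fc22a2d69f17934749bc2cb915f588f27d0a",
}
LISTED_SIZE = 1_895_720  # bytes, from the "File size" field


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex MD5, SHA-1 and SHA-256 of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file incrementally so a large installer never has to be read into memory at once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_listed(hashes: dict, listed: dict = LISTED_HASHES) -> dict:
    """Compare computed digests with the listed ones, case-insensitively, per algorithm.

    A partial match (say, MD5 only) means the bytes differ from the catalogued sample even
    though the weakest digest agrees; SHA-256 is the value that decides.
    """
    return {alg: hashes[alg].lower() == listed[alg].lower() for alg in listed}


def size_matches(nbytes: int) -> bool:
    """Cheap pre-check: a different length rules the sample out before hashing."""
    return nbytes == LISTED_SIZE


def is_catalogued_sample(data: bytes) -> bool:
    """True only when the SHA-256 of the buffer equals the listed SHA-256."""
    return size_matches(len(data)) and match_listed(hash_bytes(data))["sha256"]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, match_listed(hash_file(path)))
```

Run it as `python check_hashes.py C:\path\to\extie_setup.exe`; an all-True result identifies the exact sample, while an all-False result on a file with the same name simply means a different build or a different bundle, not that the file is clean.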

Scan engine              Detection                                     Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.Dropper.103                5535153
Agnitum Outpost          PUA.MultiPlug                                 7.1.1
Avira AntiVirus          ADWARE/Adware.Gen                             8.3.1.6
avast!                   Win32:MultiPlug-BF [PUP]                      150521-0
AVG                      Adware Generic5.BDZW                          2014.0.4311
Bitdefender              Gen:Variant.Adware.Dropper.103                1.0.20.710
Bkav FE                  W32.HfsAdware                                 1.3.0.6379
Clam AntiVirus           Win.Adware.Agent-8079                         0.98/21511
Comodo Security          Application.Win32.MegaSearch.ATK              22210
Dr.Web                   Trojan.WebPick.2795                           9.0.1.05190
Emsisoft Anti-Malware    Gen:Variant.Adware.Dropper.103                10.0.0.5366
ESET NOD32               Win32/AdWare.MultiPlug.AP application         7.0.302.0
Fortinet FortiGate       W32/Generic.AC.445                            5/22/2015
F-Prot                   W32/A-6075dea0                                v6.4.7.1.166
F-Secure                 Gen:Variant.Adware.Dropper                    5.14.151
G Data                   Gen:Variant.Adware.Dropper.103                15.5.25
IKARUS anti.virus        AdWare.Graftor                                t3scan.1.8.9.0
K7 AntiVirus             Adware                                        13.204.16000
Kaspersky                not-a-virus:HEUR:WebToolbar.Win32.Cossder     14.0.0.2002
Malwarebytes             PUP.Optional.Multiplug                        v2015.05.22.02
McAfee                   PUP-FLT                                       5600.6757
MicroWorld eScan         Gen:Variant.Adware.Dropper.103                16.0.0.426
NANO AntiVirus           Trojan.Win32.WebPick.ddkmpr                   0.30.24.1636
Norman                   Gen:Variant.Adware.Dropper.103                03.12.2014 13:20:04
Panda Antivirus          Trj/Genetic.gen                               15.05.22.02
Quick Heal               AdWare.MultiPlug.r5 (Not a Virus)             5.15.14.00
Reason Heuristics        PUP.Installer.SergiyMaratov                   15.5.22.14
Rising Antivirus         PE:Adware.Dropper!6.1AB0                      23.00.65.15520
Sophos                   PUA 'MultiPlug' (of type Adware)              5.14
VIPRE Antivirus          Threat.4150696                                40432
Zillya! Antivirus        Backdoor.Klon.Win32.1086                      2.0.0.2187

File size:
1.8 MB (1,895,720 bytes)

Product version:
2.5.0.0

Copyright:
Copyright (c) 2014

Original file name:
both

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\extie_setup.exe

Digital Signature
Signed by:
Sergiy Maratov
Authority:
Unizeto Technologies S.A.

Valid from:
6/24/2014 1:43:54 PM

Valid to:
6/24/2015 1:43:54 PM

Subject:
E=SergiyIvanovich@hotmail.com, CN=Sergiy Maratov, O=Sergiy Maratov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
774A5B60838D600A3706CAB0BC5A6286

File PE Metadata
Compilation timestamp:
8/2/2014 2:04:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:fLd8kmhIQfhFjquloucUQ2uIlJUUwzxhqQ7:uIOvjquqFi0xhD

Entry address:
0x1918B

Entry point:
E8, 87, 7C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, EE, 42, 00, E8, 6F, 0D, 00, 00, E8, A2, 03, 00, 00, 0F, B7, F0, 6A, 02, E8, 1A, 7C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C3, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9152  (probably packed)

Code size:
142.5 KB (145,920 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)
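The host and address above are the indicators a defender would hunt for in DNS and proxy telemetry. The following Python is an added example, not code from this page or from Reason Core Security: it scans log lines for the listed host (case-insensitively, ignoring a trailing dot or port suffix) and the listed IP, and also flags other hosts under stylezip.info, which is this example's assumption rather than something the record states. The log lines and their whitespace-separated format (timestamp, client, kind, value) are constructed for the example; a real deployment would replace the regular expression with the parser for its own log source.

```python
import ipaddress
import re
from typing import Optional

# Indicators taken from the network section of this record.
IOC_HOST = "r1.stylezip.info"
IOC_IP = ipaddress.ip_address("54.186.255.26")
IOC_ZONE = "stylezip.info"  # assumption: sibling hosts in the same zone are worth flagging too

# Constructed sample lines (not real telemetry): <timestamp> <client> <kind> <value>
SAMPLE_LOG = """\
2024-04-26T21:40:05Z 10.0.0.17 dns-query r1.stylezip.info.
2024-04-26T21:40:06Z 10.0.0.17 http-connect 54.186.255.26:80
2024-04-26T21:40:07Z 10.0.0.23 dns-query www.example.com.
2024-04-26T21:40:08Z 10.0.0.31 http-connect R1.StyleZip.info:80
2024-04-26T21:40:09Z 10.0.0.31 dns-query cdn.stylezip.info.
2024-04-26T21:40:10Z 10.0.0.44 dns-query stylezip.info.example.com.
2024-04-26T21:40:11Z 10.0.0.44 http-connect 93.184.216.34:443
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<kind>\S+) (?P<value>\S+)$")


def normalise_host(value: str) -> str:
    """Drop a ':port' suffix and a trailing dot, lower-case the rest. Assumes IPv4 or hostnames
    (an IPv6 literal would need bracket handling before the port strip)."""
    return re.sub(r":\d+$", "", value).lower().rstrip(".")


def classify(value: str) -> Optional[str]:
    """Return 'ioc-ip', 'ioc-host', 'ioc-zone' or None for one log value."""
    host = normalise_host(value)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return "ioc-ip" if ip == IOC_IP else None
    if host == IOC_HOST:
        return "ioc-host"
    # Label-aware suffix match: "stylezip.info.example.com" must NOT match.
    if host == IOC_ZONE or host.endswith("." + IOC_ZONE):
        return "ioc-zone"
    return None


def scan_log(text: str) -> list:
    """Return (line_number, client, verdict, normalised_value) for every line that hits an indicator."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparseable line; a real pipeline would count these
        verdict = classify(m["value"])
        if verdict:
            hits.append((n, m["client"], verdict, normalise_host(m["value"])))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The IP match is the weaker of the two signals: 54.186.255.26 sits in a cloud hosting range and can be reassigned, so a hit on the address alone should be confirmed against the DNS name the client resolved just before the connection, which in the sample above ties client 10.0.0.17 to both indicators within a second.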

Remove extie_setup.exe - Powered by Reason Core Security