home

facebook hack attack 2.56 activation code.exe

Alexey Kurilenko

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application facebook hack attack 2.56 activation code.exe by Alexey Kurilenko has been detected as adware by 17 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.
Publisher:
Alexey Kurilenko  (signed and verified)

MD5:
7a6949ce070ad1100180d1e54ec5b74f

SHA-1:
8d45b0582f0c6cc9dfb49e56093f82d44cbc68e8

SHA-256:
68d4d1d36912b7a32337764db209755436cf52bb33ecd9c8e2daa4dd67157d81

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/27/2024 11:33:16 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.MultiPlug
7.1.1

Avira AntiVirus
Adware/MultiPlug.aob
7.11.166.208

avast!
Win32:InstalleRex-CH [PUP]
2014.9-140807

AVG
Adware Generic5
2015.0.3389

Comodo Security
Application.Win32.GreenApp.RR
19188

Dr.Web
Trojan.Crossrider.28215
9.0.1.0226

ESET NOD32
Win32/AdWare.MultiPlug.BF (variant)
8.10242

herdProtect (fuzzy)
variant of dosukoi(2).exe (Adware)
2014.10.2.18

IKARUS anti.virus
AdWare.SaveNet
t3scan.1.6.1.0

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug
14.0.0.3405

Malwarebytes
PUP.Optional.DownloaderSS
v2014.08.14.11

McAfee
Trojan.Artemis!BB57FC5359EE
5600.7038

NANO AntiVirus
Riskware.Win32.MultiPlug.ddsvpv
0.28.2.61519

Panda Antivirus
PUP/TSUploader
14.08.07.08

Reason Heuristics
PUP.AlexeyKurilenko.s
14.8.7.17

Sophos
MultiPlug
4.98

VIPRE Antivirus
Threat.4150696
31208

File size:
650.4 KB (666,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\facebook%20hack%20attack%202.56%20activation%20code.exe

Digital Signature
Signed by:
Alexey Kurilenko

Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 2:20:17 PM

Valid to:
6/17/2015 2:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
8/6/2014 5:01:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:mZVunYav79cKnZxCAgX2QRkOSllkpGF57Lsth6RpoX/wR4u22:0sp9cWZVnQecI7Q+pOEE2

Entry address:
0xC461

Entry point:
E8, 3E, 3C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 9F, 41, 00, E8, 19, 16, 00, 00, E8, 0B, 3E, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C4, 2C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
82.5 KB (84,480 bytes)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.