farruko ft yandel.exe

Rodion Veresev

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application farruko ft yandel.exe by Rodion Veresev has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been seen being downloaded from groupsetzipmyjob.org.
Publisher:
Rodion Veresev  (signed and verified)

MD5:
adeb626552f75d249e4f0a6fee2a9e42

SHA-1:
ae77c3f68cc581dc47eb3b222fd5157c684e11a2

SHA-256:
de3e9621d7e6db6df7a39f15bb5fface14994dec9fc5458dac4475043bbb4579

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/14/2024 4:44:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick (M)

Engine version:
17.3.13.12

File size:
352.9 KB (361,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\farruko ft yandel.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/25/2014 7:22:58 AM

Valid to:
6/25/2015 7:22:58 AM

Subject:
E=rodion.veresev@yandex.ru, CN=Rodion Veresev, O=Rodion Veresev, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
715A33AE9117D0C2B07CE5B9C396152A

File PE Metadata
Compilation timestamp:
5/10/2013 8:31:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x1E90B

Entry point:
E8, 54, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, B3, 43, 00, E8, 5F, 17, 00, 00, E8, 21, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, E7, 11, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C8, 0B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.2270

Code size:
142.5 KB (145,920 bytes)
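The fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, entropy) are read straight out of the PE headers, and the date fields can be cross-checked against the Digital Signature section. The following Python is an added example, not code from the scanner or from the file's author: it parses those fields from a PE32 image, computes the Shannon entropy figure, and places the compilation timestamp relative to the certificate's validity window. It runs on a constructed minimal PE32 header that carries the values reported on this page (the real file is not embedded), and it assumes the page's timestamps are UTC, which the page states only for the analysis date.

```python
import math
import struct
from datetime import datetime, timezone

# Values copied from the report above; the compile time is assumed to be UTC.
REPORTED = {
    "compiled": datetime(2013, 5, 10, 20, 31, 3, tzinfo=timezone.utc),
    "cert_valid_from": datetime(2014, 6, 25, 7, 22, 58, tzinfo=timezone.utc),
    "cert_valid_to": datetime(2015, 6, 25, 7, 22, 58, tzinfo=timezone.utc),
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant data) to 8.0 (uniform); the figure a scanner lists as Entropy."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_metadata(image: bytes) -> dict:
    """Read the fields listed under 'File PE Metadata' from a PE32 image held in memory."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    machine, _nsect, stamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER32
    magic, maj_link, min_link = struct.unpack_from("<HBB", image, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled; PE32+ uses a different layout")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]      # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", image, opt + 40)   # MajorOperatingSystemVersion, Minor
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]      # Subsystem
    return {
        "bitness": "Win32" if machine == 0x14C else hex(machine),
        "compiled": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "os_version": f"{maj_os}.{min_os}",
        "linker_version": f"{maj_link}.{min_link}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_address": entry_rva,
        "entropy": round(shannon_entropy(image), 4),
    }


def compile_time_vs_cert(compiled: datetime, valid_from: datetime, valid_to: datetime) -> str:
    """Place the PE timestamp relative to the signing certificate's validity window."""
    if compiled < valid_from:
        return "before cert issued"
    if compiled > valid_to:
        return "after cert expired"
    return "within cert validity"


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header carrying the report's values; this is not the real file."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew: PE header follows the DOS header
    stamp = int(REPORTED["compiled"].timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)   # i386, 1 section, EXE
    opt = bytearray(224)                                 # PE32 optional header with 16 data directories
    struct.pack_into("<HBB", opt, 0, 0x10B, 11, 0)       # PE32 magic, linker 11.0
    struct.pack_into("<I", opt, 16, 0x1E90B)             # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)               # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    meta = parse_pe_metadata(build_sample_pe())
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("timestamp vs cert:", compile_time_vs_cert(
        meta["compiled"], REPORTED["cert_valid_from"], REPORTED["cert_valid_to"]))
```

Run on the report's own dates, compile_time_vs_cert returns "before cert issued": the compilation timestamp (5/10/2013) predates the certificate's Valid from date (6/25/2014) by more than a year. That alone is not evidence of tampering, since the PE timestamp is writable and InstalleRex builds are commonly re-signed long after compilation, but it does mean the timestamp cannot be used to date this particular build; the Authenticode countersignature time, which this page does not list, is the value to check instead. Entropy of 6.2270 over the whole file is consistent with a mix of code and packed or compressed payload data rather than a fully packed image, which would sit close to 8.0.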

The file farruko ft yandel.exe has been seen being distributed by the following URL.

http://groupsetzipmyjob.org/hp/.../zY5vvI7s8u6ZEhj26HSEe8wO4QiKBWe4VLtQh4ynxEQx19P1lkNKjaR0bfnOe9Sa0ClEPxsUW19VTGJwl0RUS2oqYwbMo80xQEBC9tT6dPgcyItM62KeqinPN51qxOPXXfPPp4ZUvRnz4BFwX6APeD48oRBQ JVWbObyGPvWs90dzl1h04XHd7LyTnVlzVI90Qv6 7OVnnd1kik0PjrvfMHalfC0GRbO0OGkFtoA7YyxcuRgkYnwC1o564E13NLo5DhTEjevegA4Fv&external_id=1429591892411418307

Remove farruko ft yandel.exe - Powered by Reason Core Security