flash.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application flash.exe by Stepan Rybin has been detected as adware by 28 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
8caeb53627538383377a64f8858ef0dc

SHA-1:
8646467464dde8a51fc4a7310b7ea1904b35faf3

SHA-256:
e4be2e2e85c2053e32ca972becdb62726f6fa60fc651d7978a8f83d47abebf3c

Scanner detections:
28 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 9:13:13 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.MultiPlug.GC | 651 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.03.21 |
| Avira AntiVirus | PUA/MultiPlug.11245 | 7.11.218.230 |
| avast! | Win32:Agent-AUVV [Trj] | 2014.9-150425 |
| AVG | Generic6 | 2016.0.3129 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.15425 |
| Bitdefender | Adware.MultiPlug.GC | 1.0.20.575 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21481 |
| Dr.Web | Trojan.Crossrider1.22656 | 9.0.1.0115 |
| Emsisoft Anti-Malware | Adware.MultiPlug.GC | 8.15.04.25.02 |
| ESET NOD32 | Win32/Adware.MultiPlug.FQ (variant) | 9.11354 |
| Fortinet FortiGate | Adware/MultiPlug | 4/25/2015 |
| F-Prot | W32/S-9726aad4 | v6.4.7.1.166 |
| F-Secure | Adware.MultiPlug.GC | 11.2015-25-04_7 |
| G Data | Adware.MultiPlug.GC | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15333 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.2139 |
| Malwarebytes | PUP.Optional.Bundler | v2015.04.25.02 |
| McAfee | MultiPlug-FWS | 5600.6785 |
| MicroWorld eScan | Adware.MultiPlug.GC | 16.0.0.345 |
| NANO AntiVirus | Trojan.Win32.Crossrider.dpgfpr | 0.30.8.659 |
| nProtect | Adware.MultiPlug.GC | 15.03.20.01 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.WebPick.StepanRybin | 15.4.24.22 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15423 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38614 |

File size:
828.7 KB (848,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\windows vxm\program\flash.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 3:37:40 AM

Valid to:
6/27/2015 3:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
1/20/2013 4:36:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:w5/Jbi2HiwSz25AHkCf7a/J3kZCK8IoY/qbkg+MolGbOYDqgWStJC1hU1OW2P1o:wR4wSCQf7s3aqY++MoMnDqgW+s16x2Pe

Entry address:
0xB30E6

Entry point:
E8, 3A, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, 6E, 4C, 00, E8, 44, 18, 00, 00, E8, 07, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, CD, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 7C, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7068  (probably packed)

Code size:
736.5 KB (754,176 bytes)
