get-stylesie_toolbar.exe

Sergey Cherezov

The application get-stylesie_toolbar.exe by Sergey Cherezov has been detected as adware by 5 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder, and the file has been seen being downloaded from get-styles.ru.
Publisher:
Sergey Cherezov (signed and verified)

MD5:
8b34ea87e0e41e5f4c34a50f51d6facb

SHA-1:
9bb0be4d1c6764269defaa5bd1700c0e02521f44

SHA-256:
6ad0a7ff2c1eb7889db59670baa45921ad82091df6563956e8f117e0ddbf98d7

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
5/3/2024 9:14:45 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17542
Dr.Web | Adware.Bho.3875 | 9.0.1.010
Reason Heuristics | PUP.SergeyCherezov.U | 14.8.8.0
Trend Micro House Call | TROJ_GEN.F47V1214 | 7.2.10
XVirus List | Win32.Detected | 2.8.8

File size:
1011.4 KB (1,035,688 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\get-stylesie_toolbar.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/3/2012 4:00:00 AM

Valid to:
9/4/2015 3:59:59 AM

Subject:
CN=Sergey Cherezov, O=Sergey Cherezov, STREET="V.Vysotskogo 3, 271", L=Novosibirsk, S=Novosibirsk, PostalCode=630133, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A410CB5D50A86EE0497305207A0287F9

File PE Metadata
Compilation timestamp:
12/6/2009 2:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:7q8JL7G2ghNiByr9oTVAMD8wUmcWhGHzUMM8ezDXN4F:7bJnGDhNiByRMVv/UmcWhGTU/bzDXN6

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file get-stylesie_toolbar.exe has been seen being distributed by the following URL.
