home

gillsans_ufonts.com.exe

The application gillsans_ufonts.com.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme. The file has been seen being downloaded from masternal.com.
MD5:
3260f94c94be5a044b97f508c4224e47

SHA-1:
5d7ee90128a3c01115a95d2246b0ae38e473d4cc

SHA-256:
b70923a8ef042ce2fa7e8320ac1ca05c685174919854cb78e56f6accb9a7a0b8

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
5/18/2024 9:59:04 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.552220
6384676

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.02.15

Avira AntiVirus
ADWARE/MultiPlug.Gen7
7.11.210.58

avast!
Win32:InstalleRex-CH [PUP]
2014.9-150215

AVG
Generic6
2016.0.3198

Bitdefender
Gen:Variant.Adware.Kazy.552220
1.0.20.230

Bkav FE
HW32.Packed
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.552220
9.0.0.4799

ESET NOD32
Win32/Adware.MultiPlug.ES application
7.0.302.0

F-Prot
W32/S-b1f91337
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Kazy.552220
5.13.68

G Data
Gen:Variant.Adware.Kazy.552220
15.2.25

K7 AntiVirus
Unwanted-Program
13.194.14968

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug
14.0.0.2483

McAfee
Program.Multiplug-FVQ
5600.6854

MicroWorld eScan
Gen:Variant.Adware.Kazy.552220
16.0.0.138

Panda Antivirus
PUP/TSUploader
15.02.15.11

Reason Heuristics
Threat.Win.Reputation.IMP
15.2.15.11

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.15213

Sophos
PUA 'MultiPlug' (of type Adware)
5.10

Vba32 AntiVirus
Heur.Malware-Cryptor.Multiplug
3.12.26.3

VIPRE Antivirus
Threat.4786450
36694

File size:
1.1 MB (1,116,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{9972e4a9-858c-12d2-9972-2e4a985892a6}\gillsans_ufonts.com.exe

File PE Metadata
Compilation timestamp:
6/3/2012 11:10:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:uPeZrowDScBK21erb9Nm3lTGZ1TZ8D0AXpe6KeEFGhEgFBp79vVYqMv7k+1Vx11o:umZU21mbHk81TZUs6bEA/pZYn171

Entry address:
0xB5999

Entry point:
E8, FE, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, B7, 4F, 00, E8, 11, 19, 00, 00, E8, CB, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 91, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.4261

Code size:
747 KB (764,928 bytes)

The file gillsans_ufonts.com.exe has been seen being distributed by the following URL.

http://masternal.com/v95?product_name=GillSans Font&product_title=GillSans Font&installer_file_name=gillsans_ufonts.com&product_file_name=gillsans.ttf&product_download_url=http://.../xjc?d951853

Remove gillsans_ufonts.com.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.