google-earth-pro.exe

Stanislav Kabin

google-earth-pro.exe (original file name TSULoader.exe, described as "Installer for PlutoApp" and signed by Stanislav Kabin) is a WebPick InstalleRex (Tarma) setup stub that 23 of 68 anti-malware scanners flag as adware. Nothing in the file ties it to Google: the Google Earth Pro name appears only in the download folder and file name, and the code-signing certificate was issued by Certum to an individual. The stub uses WebPick's InstalleRex download manager to bundle potentially unwanted ad-supported software, including toolbars and browser extensions built on the JustPlug.it framework, under a pay-per-install monetization scheme and with very minimal user consent. Two details in the metadata below fit the picture of a small loader wrapping a packed payload: only 7.5 KB of the 315 KB file is code, and the whole-file entropy is 7.95 bits per byte. The PE compile timestamp (12 March 2013) also predates the signing certificate's validity window (23 June 2014 to 23 June 2015) by more than a year, so the stub is either considerably older than its signature or carries an altered timestamp. At run time it reports install-tracking identifiers to stylezip.info (see the network communications section).
Publisher:
PlutoApp  (signed by Stanislav Kabin)

Product:
PlutoApp

Description:
Installer for PlutoApp

Version:
2014.8.11.1240

MD5:
42df73e64c8faa2602a8f1e885a9038e

SHA-1:
da64797747aab1136702ea9960582d3921301abe

SHA-256:
8a62572d2b063fab8c2b64f65bde89c5709334e20fe6fe6afb620666aa6b29bb

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
5/4/2024 2:29:45 AM UTC

Scan engine             Detection                                             Engine version
AegisLab AV Signature   Troj.W32.AntiFW                                       2.1.4+
Agnitum Outpost         PUA.MultiPlug                                         7.1.1
AhnLab V3 Security      PUP/Win32.TSULoader                                   2014.10.16
Avira AntiVirus         TR/Kazy.324119.51                                     7.11.178.166
avast!                  Win32:InstalleRex-CU [PUP]                            141003-0
AVG                     Generic                                               2015.0.3320
Bkav FE                 W32.FamVT.AntiFWK.Trojan                              1.3.0.4959
Comodo Security         Application.Win32.InstalleRex.KG                      19812
Dr.Web                  Trojan.WebPick.2818                                   9.0.1.05190
ESET NOD32              Win32/InstalleRex.M potentially unwanted application  7.0.302.0
F-Prot                  W32/InstallRex.B.gen                                  v6.4.7.1.166
K7 AntiVirus            Unwanted-Program                                      13.183.13690
Kaspersky               not-a-virus:AdWare.Win32.MultiPlug                    15.0.0.494
Malwarebytes            PUP.Optional.Installrex                               v2014.10.15.05
McAfee                  PUP-FMK                                               5600.6976
NANO AntiVirus          Riskware.Win32.InfoLeak.cvgqot                        0.28.2.62671
Qihoo 360 Security      Malware.QVM20.Gen                                     1.0.0.1015
Quick Heal              Trojan.AntiFW.A5                                      10.14.14.00
Reason Heuristics       Adware.WebPick.Installer.Q                            14.10.15.16
Sophos                  InstallRex                                            4.98
Vba32 AntiVirus         Downware.TSU                                          3.12.26.3
VIPRE Antivirus         Threat.4150696                                        33706
Zillya! Antivirus       Adware.MultiPlug.Win32.71                             2.0.0.1956
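The 23 verdicts above use five different family names (InstalleRex/InstallRex, MultiPlug, WebPick, AntiFW, TSU) and three different severity vocabularies for the same file. The following Python script is an added example, not part of the scanner report: it folds the vendor strings into family and severity tallies so the consensus can be read off. The alias map and the PUP/trojan keyword lists are my own assumptions about how these vendors word their detections, not an official taxonomy.

```python
"""Tally the vendor verdicts above into family names and severity classes.

Added example, not part of the scanner report. VERDICTS is copied from the
table; FAMILY_ALIASES, PUP_MARKERS and TROJAN_MARKERS are assumed
conventions about vendor naming, not a published taxonomy.
"""
import re
from collections import Counter

VERDICTS = [
    ("AegisLab AV Signature", "Troj.W32.AntiFW"),
    ("Agnitum Outpost", "PUA.MultiPlug"),
    ("AhnLab V3 Security", "PUP/Win32.TSULoader"),
    ("Avira AntiVirus", "TR/Kazy.324119.51"),
    ("avast!", "Win32:InstalleRex-CU [PUP]"),
    ("AVG", "Generic"),
    ("Bkav FE", "W32.FamVT.AntiFWK.Trojan"),
    ("Comodo Security", "Application.Win32.InstalleRex.KG"),
    ("Dr.Web", "Trojan.WebPick.2818"),
    ("ESET NOD32", "Win32/InstalleRex.M potentially unwanted application"),
    ("F-Prot", "W32/InstallRex.B.gen"),
    ("K7 AntiVirus", "Unwanted-Program"),
    ("Kaspersky", "not-a-virus:AdWare.Win32.MultiPlug"),
    ("Malwarebytes", "PUP.Optional.Installrex"),
    ("McAfee", "PUP-FMK"),
    ("NANO AntiVirus", "Riskware.Win32.InfoLeak.cvgqot"),
    ("Qihoo 360 Security", "Malware.QVM20.Gen"),
    ("Quick Heal", "Trojan.AntiFW.A5"),
    ("Reason Heuristics", "Adware.WebPick.Installer.Q"),
    ("Sophos", "InstallRex"),
    ("Vba32 AntiVirus", "Downware.TSU"),
    ("VIPRE Antivirus", "Threat.4150696"),
    ("Zillya! Antivirus", "Adware.MultiPlug.Win32.71"),
]

# Assumed alias map: vendor spellings folded into one family label.
FAMILY_ALIASES = {
    "installerex": "InstalleRex", "installrex": "InstalleRex",
    "multiplug": "MultiPlug", "webpick": "WebPick",
    "antifw": "AntiFW", "antifwk": "AntiFW",
    "tsu": "TSULoader", "tsuloader": "TSULoader",
}
# Assumed wording that marks a verdict as potentially-unwanted vs. malware.
PUP_MARKERS = ("pup", "pua", "adware", "not-a-virus", "unwanted",
               "riskware", "downware", "application")
TROJAN_MARKERS = ("tr/", "troj", "trojan", "malware")


def family_of(name):
    """Return the first recognised family token in a verdict string, or None."""
    for tok in re.split(r"[^a-z0-9]+", name.lower()):
        if tok in FAMILY_ALIASES:
            return FAMILY_ALIASES[tok]
    return None


def severity_of(name):
    """'pup' if the vendor's wording says potentially unwanted, 'trojan' if it
    uses malware wording, 'generic' if the string carries neither."""
    low = name.lower()
    if any(m in low for m in PUP_MARKERS):
        return "pup"
    if any(m in low for m in TROJAN_MARKERS):
        return "trojan"
    return "generic"


def summarize(verdicts):
    """Family counts (most common first), number of verdicts that name no
    known family, severity counts and the consensus family."""
    families = Counter()
    unattributed = 0
    for _, name in verdicts:
        fam = family_of(name)
        if fam:
            families[fam] += 1
        else:
            unattributed += 1
    severity = Counter(severity_of(name) for _, name in verdicts)
    return {
        "families": dict(families.most_common()),
        "unattributed": unattributed,
        "severity": dict(severity),
        "consensus": families.most_common(1)[0][0] if families else None,
    }


if __name__ == "__main__":
    for k, v in summarize(VERDICTS).items():
        print(f"{k:13} {v}")
```

Note that the generic/heuristic entries (AVG, VIPRE, Qihoo's QVM) and Avira's Kazy name contribute nothing to the family tally, which is why the family counts sum to 16 of the 23 verdicts; the severity split (13 potentially-unwanted, 6 trojan-worded, 4 generic) is the better guide to how vendors rate the file.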

File size:
315.4 KB (322,928 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 PlutoApp

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Common path:
C:\users\{user}\downloads\google earth pro\google-earth-pro.exe

Digital Signature
Signed by:
Stanislav Kabin
Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 5:28:15 AM

Valid to:
6/23/2015 5:28:15 AM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
3/12/2013 2:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:krZbUzkuvcBYC47l2xvsmBljx/NpPOFczFPMKVb0VmMk3:krKkuveY3anBhVPOCF90VmMG

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...

Entropy:
7.9531

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)
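The hashes, entry address, entry-point bytes, compile timestamp, linker version, code size and entropy listed above are the fields an analyst re-derives from a sample to confirm it is the same file before trusting the rest of the report. The following Python script is an added example, not part of the scanner report: it computes those fields from raw bytes with the standard library only (no pefile), maps the entry RVA to a file offset through the section table, and measures the overlay (data after the last section) whose size and entropy explain how a 7.5 KB code section becomes a 315 KB file. The hashes and entry bytes copied into REPORTED and ENTRY_PREFIX are from the page; build_sample_pe() is a constructed stand-in so the script runs offline, and its hashes will of course not match the report.

```python
"""Check a sample against the hashes and PE fields listed above.

Added example, not part of the scanner report: standard library only.
Everything takes bytes, so the constructed stand-in below runs offline;
read the real sample's bytes instead to compare against REPORTED.
"""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Values copied from the report for comparison.
REPORTED = {
    "md5": "42df73e64c8faa2602a8f1e885a9038e",
    "sha1": "da64797747aab1136702ea9960582d3921301abe",
    "sha256": "8a62572d2b063fab8c2b64f65bde89c5709334e20fe6fe6afb620666aa6b29bb",
    "size": 322928,
    "entry_rva": 0x14DB,
}
# First 16 bytes listed under "Entry point": push ebp / mov ebp,esp / sub esp,0x62C / ...
ENTRY_PREFIX = bytes.fromhex("558BEC81EC2C060000535633DB576689")


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes.
    A whole-file value near 7.95 means nearly everything in the file is
    compressed or encrypted, i.e. a small stub carrying a packed payload."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_fields(data: bytes) -> dict:
    """Read the PE32 fields the report lists, plus the overlay boundary."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # Walk the section table to map the entry RVA to a file offset and to
    # find where section data ends; anything after that is overlay.
    entry_off, data_end = None, 0
    for i in range(nsections):
        _, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        data_end = max(data_end, rawptr + rawsize)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - vaddr)
    return {
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{linker_major}.{linker_minor}",
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16] if entry_off is not None else b"",
        "overlay_offset": data_end,
        "overlay_entropy": shannon_entropy(data[data_end:]),
    }


def compare(data: bytes) -> dict:
    """True per field where the sample matches the report."""
    h, pe = file_hashes(data), pe_fields(data)
    return {
        **{k: h[k] == REPORTED[k] for k in ("md5", "sha1", "sha256", "size")},
        "entry_rva": pe["entry_rva"] == REPORTED["entry_rva"],
        "entry_bytes": pe["entry_bytes"] == ENTRY_PREFIX,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (NOT the real sample): one .text section with the
    listed entry bytes at RVA 0x14DB, the report's timestamp/linker/code size,
    and a 64 KiB high-entropy overlay standing in for a packed payload."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1363056705, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 8, 0, 7680, 0, 0, 0x14DB).ljust(224, b"\0")
    sect = struct.pack("<8sIIII", b".text", 0x1E00, 0x1000, 0x1E00, 0x200) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = bytearray(0x1E00)
    text[0x4DB:0x4DB + 16] = ENTRY_PREFIX
    overlay = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(2048))
    return headers + bytes(text) + overlay


if __name__ == "__main__":
    sample = build_sample_pe()
    for k, v in {**file_hashes(sample), **pe_fields(sample)}.items():
        print(f"{k:16} {v!r}")
    print("matches report:", compare(sample))
```

On the real file, compare() should return True for every key; a hash mismatch with matching entry bytes usually means a re-signed or re-packed build of the same stub, which is exactly the case the family-name consensus above is meant to cover. The compile timestamp is read from the COFF header and can be set to anything by the builder, so treat it as a clue, not evidence.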

The file google-earth-pro.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments. Both hostnames resolved to the same address at analysis time.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

TCP (HTTP):
Connects to c1.stylezip.info  (54.186.255.26:80)

HTTP request (install-tracking callback to c1.stylezip.info; the query string carries the installer, publisher, download, session and hardware identifiers, the locale, and the name the file was downloaded under):
http://c1.stylezip.info/?step_id=1&installer_id=11975048&publisher_id=197&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=35925144&external_id=0&session_id=71850288&hardware_id=83825336&installer_file_name=google-earth-pro
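The two hostnames, the shared IP and the callback URL above are the indicators a SOC would hunt for in proxy logs. The following Python script is an added example, not part of the scanner report: it parses Squid-style native access-log lines, matches on the parsed hostname and upstream peer IP (so a page on another site that merely mentions stylezip.info in its path does not fire), and decodes the tracking parameters so an infected client can be tied to the installer's hardware_id. The log lines in SAMPLE_LOG are constructed for the example; only the standard library is used.

```python
"""Flag the report's network indicators in proxy logs and decode the
install-tracking query string.

Added example, not part of the scanner report. SAMPLE_LOG is constructed
in Squid's native access.log layout (time elapsed client code/status bytes
method URL user hier/peer type); only the standard library is used.
"""
from urllib.parse import parse_qs, urlsplit

# Indicators copied from the report.
IOC_DOMAINS = {"r1.stylezip.info", "c1.stylezip.info"}
IOC_IPS = {"54.186.255.26"}
# Query parameters the installer reports back: tracking identifiers that tie
# a host to a publisher, campaign and device, taken from the URL above.
TRACKING_KEYS = ("installer_id", "publisher_id", "download_id", "session_id",
                 "hardware_id", "country_code", "installer_file_name")

# Constructed sample lines (not real traffic). Line 4 mentions the domain only
# inside a path on an unrelated site and must not be flagged.
SAMPLE_LOG = """\
1399170585.123    412 10.0.0.15 TCP_MISS/200 1830 GET http://c1.stylezip.info/?step_id=1&installer_id=11975048&publisher_id=197&source_id=0&page_id=0&country_code=US&locale=US&browser_id=4&download_id=35925144&external_id=0&session_id=71850288&hardware_id=83825336&installer_file_name=google-earth-pro - HIER_DIRECT/54.186.255.26 text/html
1399170586.001     98 10.0.0.15 TCP_MISS/200 512 GET http://r1.stylezip.info/ - HIER_DIRECT/54.186.255.26 text/html
1399170590.777    210 10.0.0.22 TCP_MISS/200 4096 GET http://www.google.com/earth/ - HIER_DIRECT/142.250.80.46 text/html
1399170601.333    150 10.0.0.31 TCP_MISS/200 700 GET http://example.org/stylezip.info.html - HIER_DIRECT/93.184.216.34 text/html
"""


def parse_squid_line(line):
    """Split one native-format line into the fields we need; None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    url = parts[6]
    host = (urlsplit(url).hostname or "").lower()
    peer = parts[8].split("/", 1)[-1]          # HIER_DIRECT/1.2.3.4 -> 1.2.3.4
    return {"ts": float(parts[0]), "client": parts[2], "host": host,
            "peer": peer, "url": url}


def decode_tracking(url):
    """Pull the installer's tracking parameters out of the callback URL."""
    q = parse_qs(urlsplit(url).query)
    return {k: q[k][0] for k in TRACKING_KEYS if k in q}


def find_hits(log_text):
    """One record per line whose parsed host or upstream IP is an IOC."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue
        reasons = []
        if rec["host"] in IOC_DOMAINS:
            reasons.append(f"domain:{rec['host']}")
        if rec["peer"] in IOC_IPS:
            reasons.append(f"ip:{rec['peer']}")
        if reasons:
            rec["reasons"] = reasons
            rec["tracking"] = decode_tracking(rec["url"])
            hits.append(rec)
    return hits


def affected_clients(hits):
    """Client IP -> set of hardware_id values seen, so a host can be tied to
    the installer's device identifier across sessions."""
    out = {}
    for h in hits:
        out.setdefault(h["client"], set())
        hw = h["tracking"].get("hardware_id")
        if hw:
            out[h["client"]].add(hw)
    return out


if __name__ == "__main__":
    hits = find_hits(SAMPLE_LOG)
    for h in hits:
        print(h["client"], h["reasons"], h["tracking"])
    print("affected clients:", affected_clients(hits))
```

Matching on the IP as well as the hostname matters because the stub may be re-released under new hostnames on the same infrastructure, while matching only on the IP would miss it once the hosting moves; keeping both reasons in the record shows which indicator actually fired.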

Remove google-earth-pro.exe - Powered by Reason Core Security