gytis pakevi_ius tu vejo paklausk.mp3.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application gytis pakevi_ius tu vejo paklausk.mp3.exe by Stepan Rybin has been detected as adware by 23 anti-malware scanners. It uses WebPick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.

Publisher:
Stepan Rybin  (signed and verified)

MD5:
1b6cbb9d25e49405b57427ed016225fe

SHA-1:
dd74d07beeb2501457e316413de0a1579ddb18b4

SHA-256:
8df23ed39d7f320f2b7024dcbd3419ace34ad41fa4d13957491955ca9f8cf561

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/26/2024 4:20:46 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.487527 | 6496598 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.01.30 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen4 | 7.11.205.220 |
| avast! | Win32:InstalleRex-CK [PUP] | 2014.9-150131 |
| AVG | Adware Generic6.LAF | 2014.0.4257 |
| Bitdefender | Gen:Variant.Adware.Mplug.28 | 1.0.20.155 |
| Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 20890 |
| Dr.Web | Trojan.Crossrider.36840 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.487527 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EL application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Kazy.487527 | 5.13.68 |
| G Data | Gen:Variant.Adware.Symmi.49687 | 15.1.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14803 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.2558 |
| McAfee | MultiPlug-FVB | 5600.6869 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.28 | 16.0.0.93 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dmztkv | 0.30.0.65070 |
| Norman | Gen:Variant.Adware.Kazy.487527 | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/TSUploader | 15.01.31.07 |
| Reason Heuristics | PUP.WebPick | 15.2.5.12 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 59 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753027 | 36666 |

File size:
1 MB (1,084,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\application data\{3199888a-7a8d-45af-3199-9888a7a82229}\gytis pakevi_ius tu vejo paklausk.mp3.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 11:37:40 AM

Valid to:
6/27/2015 11:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
9/24/2012 8:21:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:8atpC+NkmUtmBAMFxmuj6sjtmKeAP5JF5q4ZreAOa:8ISmUtmhFxlRnFwRAB

Entry address:
0x1FF8A

Entry point:
E8, 8D, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 45, 46, 00, E8, C0, 0E, 00, 00, E8, 5A, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
379 KB (388,096 bytes)
