lukinhow.therebels.cdrawx764.rar.exe

security categorized index XQuery

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application lukinhow.therebels.cdrawx764.rar.exe by Stanislav Kabin has been detected as adware by 22 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forallhomee.com.
Publisher:
database fix and a  (signed by Stanislav Kabin)

Product:
security categorized index XQuery

Version:
2.1.0.0

MD5:
d70765f05c15dd6d5e97862fea74bd9a

SHA-1:
274c48b335fecd4847df99cd27da5db59145fcf4

SHA-256:
22fe8359ce94d4187b718689c0eb97d43ef712759300cca54472d8ea00000192

Scanner detections:
22 / 68

Status:
Adware

Analysis date:
4/26/2024 10:11:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.680091 | 922 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.29 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.164.60 |
| avast! | Win32:PUP-gen [PUP] | 140617-1 |
| AVG | Adware Generic5.BARP | 2014.0.3986 |
| Bitdefender | Application.Generic.680091 | 1.0.20.1045 |
| Comodo Security | Application.Win32.Multiplug.GETF | 18997 |
| Dr.Web | Trojan.WebPick.2773 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AJ application | 7.0.302.0 |
| F-Secure | Application.Generic.680091 | 11.2014-28-07_2 |
| G Data | Application.Generic.680091 | 14.7.24 |
| IKARUS anti.virus | PUA.InstallRex | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.181.12846 |
| Malwarebytes | PUP.Optional.Preload | v2014.07.28.10 |
| McAfee | PUP-FIC | 5600.7056 |
| MicroWorld eScan | Application.Generic.680091 | 15.0.0.627 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dcgyfk | 0.28.2.60990 |
| Panda Antivirus | PUP/TSUploader | 14.07.28.10 |
| Reason Heuristics | PUP.StanislavKabin.DD | 14.7.28.9 |
| Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
792.4 KB (811,408 bytes)

Product version:
2.1.0.0

Copyright:
Copyright (c) 2014

Original file name:
cases

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\lukinhow.therebels.cdrawx764.rar.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 8:28:15 AM

Valid to:
6/23/2015 8:28:15 AM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
7/14/2014 5:28:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:aLYojZ1EfDXa3coOZ2SEkzdqx0i+XKGTXjvZmvPtX:MkfDXa38Z2SEkzExnUKgXjkv1

Entry address:
0x15BAE

Entry point:
E8, 6B, 75, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, BD, 42, 00, E8, CC, 26, 00, 00, E8, BC, 0E, 00, 00, 0F, B7, F0, 6A, 02, E8, FE, 74, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 30, 3A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
138.5 KB (141,824 bytes)

The file lukinhow.therebels.cdrawx764.rar.exe has been seen being distributed by the following URL.
