maroon 5 - maps (audio).mp3.exe

used of

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application maroon 5 - maps (audio).mp3.exe by Stanislav Kabin has been detected as adware by 29 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from toolkitfreefast.com and multiple other hosts.
Publisher:
of a (signed by Stanislav Kabin)

Product:
used of

Version:
0.8.0.0

MD5:
8188d8d1edd3dd736c220aa3326f7b6f

SHA-1:
ebe0ef86097db89d0954ca9d454a0969963fd5df

SHA-256:
682c9eb5af86cdfa0caf4d48fcd5755255ba45545f16c7dd3222cd35ce6f6f43

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
4/19/2024 4:06:49 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.432869 | 834
AegisLab AV Signature | Troj.W32.Vilsel | 2.1.4+
AhnLab V3 Security | PUP/Win32.InstallRex | 2014.10.24
Avira AntiVirus | Adware/MultiPlug.aoa | 7.11.180.234
avast! | Win32:PUP-gen [PUP] | 141023-1
AVG | Adware Generic_r.QP | 2014.0.4040
Bitdefender | Gen:Variant.Adware.Kazy.432869 | 1.0.20.1485
Clam AntiVirus | Win.Adware.Dropper-8 | 0.98/21411
Comodo Security | Application.Win32.GreenApp.RR | 19887
Dr.Web | Trojan.Siggen6.21336 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.432869 | 14.10.24
ESET NOD32 | Win32/AdWare.MultiPlug.AQ application | 7.0.302.0
Fortinet FortiGate | Riskware/Generic.AC.445 | 10/24/2014
F-Prot | W32/A-853b85bc | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Kazy.432869 | 11.2014-24-10_6
G Data | Gen:Variant.Adware.Kazy.432869 | 14.10.24
IKARUS anti.virus | AdWare.Graftor | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.185.13789
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.494
Malwarebytes | PUP.Optional.InstallRex | v2014.10.24.06
McAfee | PUP-FMH | 5600.6968
MicroWorld eScan | Gen:Variant.Adware.Kazy.432869 | 15.0.0.891
NANO AntiVirus | Trojan.Win32.Siggen6.dcscvl | 0.28.2.62841
nProtect | Trojan-Clicker/W32.MultiPlug.808824 | 14.10.24.01
Reason Heuristics | PUP.StanislavKabin.AA | 14.10.24.6
Sophos | MultiPlug | 4.98
Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3
VIPRE Antivirus | Threat.4753027 | 33706
Zillya! Antivirus | Backdoor.PePatch.Win32.38896 | 2.0.0.1966

File size:
789.9 KB (808,824 bytes)

Product version:
0.8.0.0

Copyright:
Copyright (c) 2014

Original file name:
volume are

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\maroon 5 - maps (audio).mp3.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 4:58:15 PM

Valid to:
6/23/2015 4:58:15 PM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
7/21/2014 4:37:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:hL4tl+lSJtPrltBy1Lm2rMf7skEUpcQQXBeVF8:hctl3JtJjy1Zgskpu4Q

Entry address:
0x1764E

Entry point:
E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, CD, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7619  (probably packed)

Code size:
135.5 KB (138,752 bytes)

The file maroon 5 - maps (audio).mp3.exe has been seen being distributed by the following 2 URLs.
