minecraft forge mod.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and which may be installed without consent. The application minecraft forge mod.exe by Stepan Rybin has been detected as adware by 23 anti-malware scanners. The file has been seen being downloaded from profficer.org.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
8727d5645559d24dfb4dbf9488da0e75

SHA-1:
9b0cd28ecc7de39b693f058c22e8365a1c5feb5e

SHA-256:
c258a18bdf3f78ad3896d32969ede3764004b6779e528069cf617f15c3a0bd1d

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
5/24/2024 5:57:15 AM UTC

Scan engine           | Detection                                 | Engine version
----------------------|-------------------------------------------|----------------
Lavasoft Ad-Aware     | Gen:Variant.Adware.Mikey.7658             | 6473677
AhnLab V3 Security    | PUP/Win32.MultiPlug                       | 2015.02.23
Avira AntiVirus       | PUA/MultiPlug.11245                       | 7.11.212.24
avast!                | Win32:MultiPlug-TP [PUP]                  | 150129-1
AVG                   | Adware Generic6.NWA                       | 2014.0.4257
Bitdefender           | Gen:Variant.Adware.Mikey.7658             | 1.0.20.265
Bkav FE               | W32.HfsAdware                             | 1.3.0.6379
Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.7658             | 9.0.0.4799
ESET NOD32            | Win32/Adware.MultiPlug.ES application     | 7.0.302.0
F-Prot                | W32/S-05e718fa                            | v6.4.7.1.166
F-Secure              | Gen:Variant.Adware.Mikey.7658             | 5.13.68
G Data                | Gen:Variant.Adware.Mikey.7658             | 15.2.25
K7 AntiVirus          | Unwanted-Program                          | 13.197.15043
Kaspersky             | not-a-virus:AdWare.Win32.MultiPlug        | 15.0.0.543
Malwarebytes          | PUP.Optional.MultiPlug.A                  | v2015.02.22.04
McAfee                | Program.MultiPlug-FVQ                     | 16.8.708.2
MicroWorld eScan      | Gen:Variant.Adware.Mikey.7658             | 16.0.0.159
NANO AntiVirus        | Riskware.Win32.MultiPlug.dnxgtq           | 0.30.0.296
Reason Heuristics     | PUP.WebPick                               | 15.2.22.16
Rising Antivirus      | PE:Malware.XPACK-HIE/Heur!1.9C48          | 23.00.65.15220
Sophos                | MultiPlug                                 | 4.98
Vba32 AntiVirus       | Heur.Malware-Cryptor.Multiplug            | 3.12.26.3
Zillya! Antivirus     | Adware.MultiPlug.Win32.194367             | 2.0.0.2078

File size:
1.1 MB (1,121,480 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\minecraft forge mod.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 1:37:40 AM

Valid to:
6/27/2015 1:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
9/23/2013 8:00:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:mVQlomue1G/QcrfoR9fRI6gFz1ws/P+MfK5aMs:GQJ/G/hobZs+sJf5Ms

Entry address:
0xB5C59

Entry point:
E8, FE, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, C1, 4F, 00, E8, 11, 19, 00, 00, E8, CB, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 91, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Entropy:
7.4052

Code size:
747.5 KB (765,440 bytes)

The file minecraft forge mod.exe has been seen being distributed by the following URL.