ms toolkit 2.5.4.exe

Rodion Veresev

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application ms toolkit 2.5.4.exe by Rodion Veresev has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Rodion Veresev  (signed and verified)

MD5:
12d1c9e283d9ac687fc391e3b22b4312

SHA-1:
1dc3650bac1d70f4f97704dfe57dd1eccf5cdb50

SHA-256:
2d46228b2cbdbee7e71613209bbdd09af256747119f88ba47950b4249342558d

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/24/2024 10:28:01 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.37 | 655 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.04.22 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| AVG | Generic | 2016.0.3133 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.15424 |
| Bitdefender | Gen:Variant.Adware.Mplug.37 | 1.0.20.555 |
| Dr.Web | Trojan.Crossrider1.25958 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.37 | 8.15.04.21.03 |
| ESET NOD32 | Win32/Adware.MultiPlug.JB application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/MultiPlug | 4/24/2015 |
| F-Secure | Gen:Variant.Adware.Mplug | 5.13.68 |
| G Data | Gen:Variant.Adware.Mplug.37 | 15.4.25 |
| IKARUS anti.virus | PUA.Multiplug | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15654 |
| Kaspersky | Trojan-Dropper.Win32.Agent | 14.0.0.2144 |
| McAfee | MultiPlug-FXP | 5600.6789 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.37 | 16.0.0.333 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dqwybn | 0.30.20.1219 |
| Panda Antivirus | Generic Suspicious | 15.04.24.05 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.WebPick.RodionVeresev | 15.4.20.21 |
| Sophos | Generic PUA EP | 4.98 |
| Vba32 AntiVirus | Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39568 |

File size:
380.4 KB (389,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{67efd850-d775-a4a5-67ef-fd850d776143}\ms toolkit 2.5.4.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/25/2014 2:22:58 AM

Valid to:
6/25/2015 2:22:58 AM

Subject:
E=rodion.veresev@yandex.ru, CN=Rodion Veresev, O=Rodion Veresev, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
715A33AE9117D0C2B07CE5B9C396152A

File PE Metadata
Compilation timestamp:
12/1/2013 10:26:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:RB4bl4OgYpnVr5CIbJVzi0ueZJWupdiRVIbQHB+EU1mqGG44/Lv0wlXGqe3vvfat:RB4blHzpnVr5CIbHseHWUiRCGz3XfEn

Entry address:
0x1E74B

Entry point:
E8, 54, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, B2, 43, 00, E8, 5F, 17, 00, 00, E8, 21, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, E7, 11, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C8, 0B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.1959

Code size:
142 KB (145,408 bytes)

Scheduled Task
Task name:
Bidaily Synchronize Task

Trigger:
Daily (Runs daily at 2:19 AM)

