october 2014 data update.zip.exe

Kaydar LLC

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application october 2014 data update.zip.exe by Kaydar has been detected as adware by 23 anti-malware scanners. The file has been seen being downloaded from matrixsuper.info and multiple other hosts.
Publisher:
Kaydar LLC  (signed and verified)

MD5:
737bceb320fdcc141466962220ea351d

SHA-1:
ce5808bfa8f3e5cb088a407cba463862c646e5b9

SHA-256:
5a24bb4eaccc257b90076dd60bc9e8a1d3c9b681849356e81f21840d4990beab

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/16/2024 9:35:50 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.7658
6463993

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.02.22

Avira AntiVirus
ADWARE/MultiPlug.Gen7
7.11.211.248

AVG
Adware Generic6.OPV
2014.0.4257

Bitdefender
Gen:Variant.Adware.Mikey.7658
1.0.20.260

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.7658
9.0.0.4799

ESET NOD32
Win32/Adware.MultiPlug.ES application
7.0.302.0

F-Prot
W32/S-05e718fa
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Mikey.7658
5.13.68

G Data
Gen:Variant.Adware.Mikey.7658
15.2.25

K7 AntiVirus
Unwanted-Program
13.197.15042

Malwarebytes
PUP.Optional.MultiPlug.A
v2015.02.21.06

McAfee
Program.MultiPlug-FVQ
16.8.708.2

MicroWorld eScan
Gen:Variant.Adware.Mikey.7658
16.0.0.156

NANO AntiVirus
Riskware.Win32.MultiPlug.dnxpds
0.30.0.296

Panda Antivirus
Trj/CI.A
15.02.21.06

Qihoo 360 Security
Win32/Virus.Adware.178
1.0.0.1015

Reason Heuristics
PUP.WebPick
15.3.20.19

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.15219

Sophos
MultiPlug
4.98

Trend Micro House Call
TROJ_GEN.R08NH06BH15
7.2.52

Vba32 AntiVirus
suspected of Heur.Malware-Cryptor.Multiplug
3.12.26.3

Zillya! Antivirus
Adware.MultiPlug.Win32.200674
2.0.0.2077

File size:
1.1 MB (1,118,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{dde0a35c-cf9e-5c70-dde0-0a35ccf98d73}\october 2014 data update.zip.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/12/2015 12:14:19 PM

Valid to:
9/24/2015 4:07:10 PM

Subject:
E=kaydarmail@gmail.com, CN=Kaydar LLC, O=Kaydar LLC, L=Dnipropetrovsk, C=UA

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A57B813A060AF912C2EFE9F51A75C3B

File PE Metadata
Compilation timestamp:
6/29/2012 11:19:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:iirUmD0A031FfZnTf6i04XgcvT1UhlRXb7NF4AaK:iY+Ac1FfxGiHgoIXb7H4BK

Entry address:
0xB4B89

Entry point:
E8, FE, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, B2, 4F, 00, E8, 11, 19, 00, 00, E8, CB, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 91, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.4234

Code size:
743.5 KB (761,344 bytes)

The file october 2014 data update.zip.exe has been seen being distributed by the following 5 URLs.
