original helvetica, helvetica neue and helvetica neue st ltd fonts for pc.exe

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application original helvetica, helvetica neue and helvetica neue st ltd fonts for pc.exe by Stanislav Kabin has been detected as adware by 26 anti-malware scanners. The file has been seen being downloaded from groupsetzipmyjob.org.
Publisher:
Stanislav Kabin  (signed and verified)

MD5:
6cc255dbdacc9ddd7be6592c328682d3

SHA-1:
35f9c68df4902ba02811edefa2495492a0ba9662

SHA-256:
60a19b99e1906363411572f52f1adb9461509167757a39b475337bacd7144621

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
4/25/2024 1:09:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.30 | 6727224 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.03.11 |
| Avira AntiVirus | PUA/Multiplug.aoa | 7.11.215.206 |
| avast! | Win32:MultiPlug-SY [PUP] | 150129-1 |
| AVG | Generic6 | 2016.0.3175 |
| Bitdefender | Gen:Variant.Adware.Mplug.30 | 1.0.20.345 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 21360 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.30 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EP application | 7.0.302.0 |
| Fortinet FortiGate | Adware/MultiPlug | 3/10/2015 |
| F-Prot | W32/S-fb69ed61 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mplug | 5.13.68 |
| G Data | Gen:Variant.Adware.Mplug.30 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15211 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| McAfee | Program.MultiPlug-FVH | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.30 | 16.0.0.207 |
| NANO AntiVirus | Trojan.Win32.Badur.dnrnnt | 0.30.0.296 |
| Panda Antivirus | PUP/TSUploader | 15.03.10.11 |
| Quick Heal | Adware.Multiplug.D6 | 3.15.14.00 |
| Reason Heuristics | PUP.StanislavKabin | 15.3.10.11 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.12 |
| Vba32 AntiVirus | Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753027 | 37788 |
| Zillya! Antivirus | Trojan.Badur.Win32.15968 | 2.0.0.2093 |

File size:
1.1 MB (1,155,448 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{081a101a-be7a-accc-081a-a101abe7406a}\original helvetica, helvetica neue and helvetica neue st ltd fonts for pc.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 12:28:15 PM

Valid to:
6/23/2015 12:28:15 PM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
5/15/2012 5:24:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:MkbKqc2fj7YZ8DeSoTArKIl+8v+BC4meUJC5lrL7:tG8fbe5TAytU4m9w5lD

Entry address:
0x1C85C

Entry point:
E8, 8B, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, EF, 4F, 00, E8, BE, 0E, 00, 00, E8, 58, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 1E, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.3606

Code size:
353.5 KB (361,984 bytes)

The file original helvetica, helvetica neue and helvetica neue st ltd fonts for pc.exe has been seen being distributed by the following URL.