ourworld hack tool.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application ourworld hack tool.exe by Stepan Rybin has been detected as adware by 18 anti-malware scanners. This is a setup program used to install the application. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
f2ae97d1dd252a5e75c088e7f91e5d20

SHA-1:
ef26231052fbe34663b7283ee68e76b118c22b70

SHA-256:
a916a94fd40fee8c305fc1bbb0d4d7d8cf7b7fbd64a909baf2726c0741e01cb7

Scanner detections:
18 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/16/2024 3:07:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.03.20 |
| Avira AntiVirus | PUA/MultiPlug.11245 | 7.11.218.158 |
| avast! | Win32:Agent-AUVV [Trj] | 150319-1 |
| AVG | Adware Generic6.ZNO | 2014.0.4257 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21470 |
| Dr.Web | Trojan.Crossrider.36840 | 9.0.1.05190 |
| ESET NOD32 | Win32/Adware.MultiPlug.FQ application | 7.0.302.0 |
| F-Prot | W32/S-dda247a3 | v6.4.7.1.166 |
| G Data | Win32.Adware.MultiPlug.AK | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15320 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Bundler | v2015.03.20.03 |
| McAfee | Program.MultiPlug-FWS | 16.8.708.2 |
| Reason Heuristics | PUP.WebPick | 15.3.20.2 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15318 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |

File size:
822.7 KB (842,440 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ourworld hack tool.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 4:37:40 AM

Valid to:
6/27/2015 4:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
11/8/2012 4:10:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:3ftR/O2xn/iMO5tSpMaMTcbhpXGRRtPMMGOn4lRDlZeBoCakQi+:3D/O2haMO5tvPQbhx6PMm4vDq0nn

Entry address:
0xB194F

Entry point:
E8, 41, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 4D, 4C, 00, E8, 4B, 18, 00, 00, E8, 0E, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, D4, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 83, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7101  (probably packed)

Code size:
730.5 KB (748,032 bytes)

The file ourworld hack tool.exe has been seen being distributed by the following URL.
