pes 2014 android apk.exe

Sergey Petrov

This is a WebPick installer that bundles, with very minimal user consent, a number of adware browser extensions that inject ads into the browser. The application pes 2014 android apk.exe, “Installer for Puresafe” by Sergey Petrov, has been detected as adware by 33 anti-malware scanners. It is a setup program built on WebPick's InstalleRex (Tarma) download manager and installer, which bundles potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.

Publisher:
Puresafe (signed by Sergey Petrov)

Product:
Puresafe

Description:
Installer for Puresafe

Version:
2014.3.26.1709

MD5:
35f34dd5fd6b0c29d3cff80ea4ff80c7

SHA-1:
531d7e5086dc7114d6ed9145cd21b6800df45a7d

SHA-256:
0f0566024435fbc78ae290bc2809e23843d7609bb3d9e3dabebce353aa685a73

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/26/2024 12:16:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11152751 | 941 |
| Agnitum Outpost | Trojan.AntiFW | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.TSULoader | 2014.07.09 |
| Avira AntiVirus | Adware/PureSafe.A | 7.11.159.66 |
| avast! | Win32:InstalleRex-BI [PUP] | 140617-1 |
| AVG | Generic | 2015.0.3419 |
| Bitdefender | Trojan.Generic.11152751 | 1.0.20.945 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Antifw-21 | 0.98/19073 |
| Comodo Security | Application.Win32.InstalleRex.KG | 18807 |
| Dr.Web | Trojan.WebPick.29 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.11152751 | 8.14.07.08.12 |
| ESET NOD32 | Win32/InstalleRex.P potentially unwanted application | 7.0.302.0 |
| F-Secure | Trojan.Generic.11152751 | 11.2014-08-07_3 |
| G Data | Trojan.Generic.11152751 | 14.7.24 |
| IKARUS anti.virus | PUP.InstallRex | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12657 |
| Kaspersky | Trojan.Win32.AntiFW | 15.0.0.463 |
| Malwarebytes | PUP.Optional.Installrex | v2014.07.08.12 |
| McAfee | PUP-FHQ | 5600.7075 |
| MicroWorld eScan | Trojan.Generic.11152751 | 15.0.0.567 |
| NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 0.28.0.60698 |
| nProtect | Trojan.Generic.11152751 | 14.07.08.03 |
| Panda Antivirus | PUP/TSUploader | 14.07.08.12 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.AntiFW.A5 | 7.14.14.00 |
| Reason Heuristics | Adware.WebPick.Installer.U | 14.7.8.11 |
| Rising Antivirus | PE:Trojan.AntiFW!6.1747 | 23.00.65.14706 |
| Sophos | InstallRex | 4.98 |
| SUPERAntiSpyware | Adware.InstallRex/Variant | 10496 |
| Vba32 AntiVirus | Downware.TSU | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31088 |
| Zillya! Antivirus | Trojan.AntiFW.Win32.248 | 2.0.0.1850 |

File size:
316.2 KB (323,744 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 Puresafe

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\pes 2014 android apk.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/21/2013 3:00:00 AM

Valid to:
8/22/2014 2:59:59 AM

Subject:
CN=Sergey Petrov, O=Sergey Petrov, STREET=Gaydara 13, L=Kyev, S=Kyev, PostalCode=01033, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0AD084E865D27CD546D21DB6EDF89D48

File PE Metadata
Compilation timestamp:
3/12/2013 10:51:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:Or+bUzkuvcBYC47l2xUa0nvmas+8gGxvzbLxS8YXsypuewKmia:OrXkuveY3z+U83tbLpmsgh/a

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file pes 2014 android apk.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info (54.186.255.26:80)
