pret visit.mp4.exe

used databases

Stanislav Kabin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application pret visit.mp4.exe by Stanislav Kabin has been detected as adware by 27 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from toolkitfreefast.com.
Publisher:
are  (signed by Stanislav Kabin)

Product:
used databases

Version:
8.1.0.0

MD5:
e7f8c54cc807773403daa41c0bab5c19

SHA-1:
aef60ca3069896f3d5c4f523ce5edf89b07e9455

SHA-256:
51c25f1986574a83b954d1bf2b16f79ba23d729b018951904f5fa58d342479e3

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 6:52:26 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.432869 | 800 |
| AhnLab V3 Security | PUP/Win32.Multiplug | 2014.11.27 |
| Avira AntiVirus | Adware/MultiPlug.aoa | 7.11.189.28 |
| avast! | Win32:MultiPlug-IF [PUP] | 141119-1 |
| AVG | Adware Generic_r.RI | 2014.0.4189 |
| Bitdefender | Gen:Variant.Adware.Kazy.432869 | 1.0.20.1650 |
| Comodo Security | Application.Win32.GreenApp.RR | 20202 |
| Dr.Web | Trojan.WebPick.2798 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.432869 | 9.0.0.4570 |
| ESET NOD32 | Win32/AdWare.MultiPlug.BE application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.445 | 11/26/2014 |
| F-Prot | W32/A-2d7ab1b7 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy.432869 | 11.2014-26-11_4 |
| G Data | Gen:Variant.Adware.Kazy.432869 | 14.11.24 |
| K7 AntiVirus | Unwanted-Program | 13.186.14150 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.11.26.09 |
| McAfee | CryptMplug | 5600.6934 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.432869 | 15.0.0.990 |
| NANO AntiVirus | Trojan.Win32.Crossrider.ddnccj | 0.28.6.63726 |
| nProtect | Trojan-Clicker/W32.MultiPlug.989560 | 14.11.26.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.11.26.09 |
| Reason Heuristics | PUP.StanislavKabin.N | 14.11.26.10 |
| SUPERAntiSpyware | PUP.MultiPlug/Variant | 10213 |
| Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753027 | 35088 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.37 | 2.0.0.1994 |

File size:
966.4 KB (989,560 bytes)

Product version:
8.1.0.0

Copyright:
Copyright (c) 2014

Original file name:
and For more

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 1:28:15 PM

Valid to:
6/23/2015 1:28:15 PM

Subject:
E=Stanislav.Kabin@hotmail.com, CN=Stanislav Kabin, O=Stanislav Kabin, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
3469022839E88D596EA6FE14C990AF76

File PE Metadata
Compilation timestamp:
8/4/2014 7:23:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:lrTAcLO/ur8+Rw1o2PZwej4pFOxRzQiSKOKnADNh1m:tAcLe+CoU9cpFOxRzQiSKOuAR3m

Entry address:
0x2EF58

Entry point:
E8, 85, 9F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 57, 45, 00, E8, 52, 3A, 00, 00, E8, 6D, 0C, 00, 00, 0F, B7, F0, 6A, 02, E8, 18, 9F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A3, 7E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.5901

Code size:
276.5 KB (283,136 bytes)

The file pret visit.mp4.exe has been seen being distributed by the following URL.
