priceless_310315.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application priceless_310315.exe by Stepan Rybin has been detected as adware by 29 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
c2f21bcf1e7f0f05d36183dfe5523293

SHA-1:
cfe3525af38b3a0953fd2e80a1ab94b5b323983b

SHA-256:
6f08d169e138cd594d4f676a7d7fa4d3f19e94d3734965ee59ba74b66e83b3c6

Scanner detections:
29 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 7:35:06 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.PLN | 6202195 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.04.01 |
| Avira AntiVirus | PUA/Multiplug.aoa | 3.6.1.96 |
| avast! | Win32:Adware-gen [Adw] | 150319-0 |
| AVG | Generic6 | 2016.0.3153 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.1541 |
| Bitdefender | Adware.MultiPlug.IE | 1.0.20.455 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21615 |
| Dr.Web | Trojan.Crossrider1.22656 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.PLN | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.GX (variant) | 9.11404 |
| Fortinet FortiGate | Riskware/MultiPlug | 4/1/2015 |
| F-Secure | Adware.Agent.PLN | 5.13.68 |
| G Data | Adware.MultiPlug.IE | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.202.15438 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| McAfee | Trojan.Artemis!C2F21BCF1E7F | 16.8.708.2 |
| MicroWorld eScan | Adware.MultiPlug.IE | 16.0.0.273 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dpxuma | 0.30.8.659 |
| nProtect | Adware.MultiPlug.IE | 15.03.31.01 |
| Panda Antivirus | PUP/TSUploader | 15.04.01.12 |
| Qihoo 360 Security | Win32/Virus.Multi.0d0 | 1.0.0.1015 |
| Quick Heal | Adware.Multiplug.D6 | 4.15.14.00 |
| Reason Heuristics | PUP.WebPick | 15.3.31.22 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15330 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.12 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | Threat.4753027 | 38552 |

File size:
452.7 KB (463,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\priceless\priceless_310315.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 6:37:40 PM

Valid to:
6/27/2015 6:37:40 PM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
7/11/2013 9:58:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:X8RKEVMWSICiWbOS7mgiEIsxXuRTctZFI2:XISiWbn7ptMIZFI2

Entry address:
0x409DB

Entry point:
E8, E6, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, B2, 44, 00, E8, FF, 17, 00, 00, E8, B3, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, 79, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 28, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.3873

Code size:
279 KB (285,696 bytes)
