setupytb.exe

A of data term

Daniel Palad

The application setupytb.exe by Daniel Palad has been detected as adware by 36 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from blackziplivebesst.com.
Publisher:
run (signed by Daniel Palad)

Product:
A of data term

Version:
4.0.0.0

MD5:
56d81f1f4380141e889b6856f5e786c4

SHA-1:
5f26bd70f343be19307e458c8c91edcaa40bc194

SHA-256:
a47cea394980a5a237bf8f1dca09e5156dd06c2e3f0dec829f8f1728961b1c9f

Scanner detections:
36 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 5:55:43 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.103 | 367
Agnitum Outpost | PUA.MultiPlug | 7.1.1
AhnLab V3 Security | Trojan/Win32.Agent | 16.02.03
Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.145.66
avast! | Win32:MultiPlug-AS [PUP] | 2014.9-160203
AVG | Adware Generic_r | 2017.0.2845
Bitdefender | Gen:Variant.Adware.Dropper.101 | 1.0.20.170
Bkav FE | W32.MultiPlugAR.Adware | 1.3.0.4959
Clam AntiVirus | Win.Adware.Multiplug-8 | 0.98/19776
Comodo Security | Application.Win32.Multiplug.R | 18165
Dr.Web | Trojan.Crossrider.18216 | 9.0.1.034
Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.103 | 8.16.02.03.11
ESET NOD32 | Win32/AdWare.MultiPlug.R application | 10.7.0.302.0
Fortinet FortiGate | Riskware/Generic.AC.1814531 | 2/3/2016
F-Prot | W32/A-dacaee66 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Dropper | 11.2016-03-02_4
G Data | Gen:Variant.Adware.Dropper.101 | 16.2.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.176.11873
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.718
Malwarebytes | PUP.Optional.MultiPlug.A | v2016.02.03.11
McAfee | Program.PUP-FIC | 5600.6501
Microsoft Security Essentials | BrowserModifier:Win32/CouponRuc | 1.1.11400.0
MicroWorld eScan | Gen:Variant.Adware.Dropper.101 | 17.0.0.102
NANO AntiVirus | Trojan.Win32.Crossrider.cuwgpc | 0.28.0.59492
Norman | Gen:Variant.Adware.Dropper.103 | 11.20160203
Panda Antivirus | Trj/Genetic.gen | 16.02.03.11
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Quick Heal | AdWare.MultiPlag.ace | 2.16.14.00
Reason Heuristics | PUP.DanielPalad.Installer (M) | 16.2.3.11
Rising Antivirus | PE:Malware.MultiPlug!6.13CF | 23.00.65.16201
Sophos | PUA 'MultiPlug' (of type Adware) | 58
Vba32 AntiVirus | AdWare.MultiPlug | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 28594
ViRobot | Trojan.Win32.Agent.1215904 | 2011.4.7.4223
Zillya! Antivirus | Adware.MultiPlug.Win32.16 | 2.0.0.1832

File size:
2 MB (2,122,464 bytes)

Product version:
4.0.0.0

Copyright:
Copyright (c) 2014

Original file name:
monitoring

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\setupytb.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
1/8/2014 12:22:34 AM

Valid to:
1/8/2015 12:22:34 AM

Subject:
E=daniel.palad@hotmail.com, CN="Open Source Developer, Daniel Palad", O=Daniel Palad, C=IL

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
40E879F8942E9B666656C235479922A6

File PE Metadata
Compilation timestamp:
5/21/2014 9:02:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:pZJ5kuxQUUHcmS1cqBKN6BoPs9x+mABs8OZsnYaH3dNy1YsSnZz:15N/MAKNXP8xeyZsnYG3WWDnZz

Entry address:
0x1083B

Entry point:
E8, 3E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 21, 42, 00, E8, 1F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 90, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9370  (probably packed)

Code size:
102.5 KB (104,960 bytes)

The file setupytb.exe has been seen being distributed by the following URL.

Powered by Reason Core Security