sg.exe

Andrew Kruzov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application sg.exe by Andrew Kruzov has been detected as adware by 9 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Andrew Kruzov  (signed and verified)

MD5:
bc92084c303e8bb26e607a394ac3f6fa

SHA-1:
0b4afec3e3fa3b06a5da939211dd8b8c315e53fb

SHA-256:
fa31fe201f223b769a1faa4cfe5fb050100e4dc5ad99c49c8f3b0e8274cee4f5

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 8:49:44 AM UTC

Scan engine              Detection                                  Engine version
avast!                   Win32:PUP-gen [PUP]                        140908-2
AVG                      Adware Generic_r.JY                        2014.0.4015
Clam AntiVirus           Win.Adware.Agent-6743                      0.98/19348
Dr.Web                   Trojan.Crossrider.14455                    9.0.1.05190
Emsisoft Anti-Malware    Gen:Variant.Adware.Dropper.101             14.09.10
ESET NOD32               Win32/AdWare.MultiPlug.R application       7.0.302.0
Reason Heuristics        PUP.AndrewKruzov.C                         14.9.12.9
Sophos                   Adware.MultiPlug                           5.05
VIPRE Antivirus          Threat.4150696                             32938

File size:
1.5 MB (1,541,680 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sg.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/26/2013 8:00:00 PM

Valid to:
9/27/2014 7:59:59 PM

Subject:
CN=Andrew Kruzov, O=Andrew Kruzov, STREET=Savrasova 31, L=Kiev, S=Kiev, PostalCode=03110, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53C0E7306A4ED340CBA044D801891A67

File PE Metadata
Compilation timestamp:
4/16/2014 5:41:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Ie8ZT4EIfoqZGTgmmg3zt+JyAsTO1FNFXgpbvTsTyperZylpugfgOcQOk2In:eZ/IDl+SsTO3NFYsTycrZtvQOgn

Entry address:
0x1098B

Entry point:
E8, CE, 49, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 21, 42, 00, E8, AF, 20, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, 61, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.9019  (probably packed)

Code size:
103 KB (105,472 bytes)

Powered by Reason Core Security