home

Everstrike OOO

Publisher Information

Everstrike OOO is a software publisher located in Ulyanovsk, Russia*. The company is a primary distributor of unwanted software. Thre are 3 additional code signing certificates issued to this publisher.
Authority:
VeriSign, Inc.

Valid from:
12/29/2011 1:00:00 AM

Valid to:
1/13/2013 12:59:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=Ulyanovsk, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
641e267f3d0313eeed9d86e2c36b2260

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Everstrike (M), PUP.Everstrike.Installer (M), PUP.Everstri (M), PUP.Everstri.Installer (M), PUP (M)
100.00%

1 / 68      (Adware)
run.exe  (03d3c4db48ec4c0bfa525b4a01b2020b)

1 / 68      (Adware)
ExeScript.exe (ExeScript by Everstrike Software)  (283d57cea67aa4d53eea279cb29ab0a8)

1 / 68      (Adware)
english.dll (ExeScript by Everstrike Software)  (ee4b28876e199cbf38042b8944d0649e)

1 / 68      (Adware)
crshrpt.exe  (a6100b39acf6a0eb7875287e1a93b75b)

1 / 68      (Adware)
svchost.exe (Microsoft Windows Operating System by Microsoft)  (3d79ea065f43b943c231aac8c006e517)

1 / 68      (Adware)
ExeScript.exe (ExeScript by Everstrike Software)  (f017a3c13f4281a3d02f4f13b2b8f06e)

1 / 68      (Adware)
KCDefender.exe (Host Process for Windows Services by Microsoft)  (6652fdfe06d943100feef308d63f3173)

1 / 68      (Adware)
svchost.exe (Microsoft Windows Operating System by Microsoft)  (45e4d53d1fe1788ab54b027eb023c354)

1 / 68      (Adware)
exescript.exe (ExeScript)  (ef2fd52835aa072b85809f45d761b6cd)

1 / 68      (Adware)
dusbs.exe  (f61cc14f93d3687f87db57eeb20ecb70)

1 / 68      (Adware)
pf.3.5.0.0.exe  (64af8fa89e1392fd538d1d49e154c44c)

1 / 68      (Adware)
svchost.exe (Microsoft Windows Operating System by Microsoft)  (99589f1e9e4998fccf0d23f41e7f45d2)

1 / 68      (Adware)
run.exe  (a7e031ec0d7852940349cbb87640398c)

1 / 68      (Adware)
ExeScriptEditor.exe (ExeScript Editor by Everstrike Software)  (9e7fb08af3a5d39c3421d1a7f45896b9)

1 / 68      (Adware)
escompile64.exe  (60cc2fa32dc55b61f6acb4f354534443)

1 / 68      (Adware)
escompile.exe  (643aa0b9b5066cad35088ef7a169dcbe)

1 / 68      (Adware)
english.dll (ExeScript by Everstrike Software)  (f13f45d044977414c314aa01bb5f77ef)

1 / 68      (Adware)
USPro.exe (Universal Shield by Everstrike Software)  (ed8fd7e5e3567ac78d8014626121ba1e)

1 / 68      (Adware)
english.dll  (319aa732a86234ed8bcb422c92514863)

1 / 68      (Adware)
ded8cf00-14ad-8571-2e43-66c96bd8fe99_1d1db0f5eb4febf (ExeScript)  (bbfea116393e7ec85de94254c0eb41fa)

1 / 68      (Adware)
lockfldr.rus.3.9.3.0.exe  (65d6e34ed8b19bd0477c016e5eb29717)

1 / 68      (Adware)
exescript.exe (ExeScript)  (f687cd3d1dc804ee55088f8bf4bb23d7)

1 / 68      (Adware)
lfservice.exe  (8c05f98aae2742ebfe8640e1e906cf29)

1 / 68      (Adware)
USPro.exe (Universal Shield by Everstrike Software)  (b5c7228efc66c0445a36d3af337c3384)

1 / 68      (Adware)
usbspy.Sys (USB Spy by Dmitriy A. Boiko)  (dd11ba89cdb1110ed0c2c24677c5dcf5)

1 / 68      (Adware)
28d72upd (Universal Shield by Everstrike Software)  (0e93f553b125e61a966949d8403f112a)

1 / 68      (Adware)
unlock.exe  (4492adafea116857b1a8669e5b4aaf03)

1 / 68      (Adware)
installfl.exe (PF/FCP by Everstrike Software)  (37fdc12a24c79530b279e49f7ee9a5e6)

1 / 68      (Adware)
decrypt.exe  (1188c8f89a1c768d72819f2a2211fcf1)

1 / 68      (Adware)
_isuser.dll  (9a0d49ab8954443229c10d28fd08e949)

 
Latest 30 of 167 files

Downloads URLs for files signed by Everstrike OOO.

1 / 68      (Adware)
http://soft.oszone.net/download-file/.../  (lockfldr-ru.exe)

The certificates below are also signed by Everstrike OOO.

49A93C592149572F4142F301F1998E04  (Jan 15, 2013 to Feb 15, 2014)

1C6FEBAF7115A5C4FFAEAACEC3EA4FF1  (Dec 17, 2010 to Jan 14, 2012)

4F047BCF18A6FDD97F5D03D2A61289D8  (Jan 21, 2010 to Jan 13, 2011)

* Note, the details and description above are based on the code signing digital signature issued to Everstrike OOO by VeriSign, Inc. on December 29, 2011 with the serial number '641e267f3d0313eeed9d86e2c36b2260'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.