Ivan Kostin

Publisher Information

Ivan Kostin is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. Ivan Kostin is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Ivan Kostin are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors".
Authority:
COMODO CA Limited

Valid from:
8/25/2013 2:00:00 AM

Valid to:
8/26/2014 1:59:59 AM

Subject:
CN=Ivan Kostin, O=Ivan Kostin, STREET=Pobedy 33/1, L=Kyiv, S=Kyiv, PostalCode=03170, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00eb11d24ce6ddbbf752fe4dc3d683d2bf

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.WebPick.IvanKostin.Installer (M), Adware.WebPick.Installer (M)
100.00%

F-Prot
W32/InstallRex.B, W32/InstallRex.B.gen
28.00%

IKARUS anti.virus
PUP.InstallRex, PUA.TDownloader, PUA.InstallRex
28.00%

Agnitum Outpost
PUA.InstalleRex, PUA.Downloader, Trojan.AntiFW, Adware.Generic, PUA.AdLoad
28.00%

ESET NOD32
Win32/InstalleRex.M potentially unwanted application, Win32/InstalleRex.L potentially unwanted application
26.00%

VIPRE Antivirus
Threat.4150696, Threat.4753027, Trojan.Win32.Generic, Installerex/WebPick, Threat.14871
26.00%

Dr.Web
Adware.Downware.1541, Adware.Downware.1719, Trojan.WebPick.4
26.00%

avast!
Win32:InstalleRex-AI [PUP], Win32:InstallMonstr-DE [PUP], Win32:InstalleRex-DT [PUP], Win32:InstalleRex-AH [PUP]
26.00%

Kaspersky
Trojan.Win32.AntiFW, not-a-virus:Downloader.Win32.AdLoad
26.00%

Clam AntiVirus
Win.Trojan.Installerex-53, Win.Trojan.Installerex-17, Win.Trojan.Installerex-25, Win.Trojan.Installerex-108, Win.Adware.Installrex-1
26.00%

1 / 68      (Adware)

40 / 68    (Adware)
download.exe (QuickSet)  (234f01a61fa40c33854a79c1287e1d18)

38 / 68    (Adware)
download.exe (LightWare by SoftWarehouse)  (d2daeda61f81539f891079a6371f44c1)

1 / 68      (Adware)
anda adam - daca ar fi [download].mp3.exe (SummerSoft)  (68cdb47369f53a5b38b15c41d4bcad55)

1 / 68      (Adware)
anda adam - daca ar fi [download].mp3.exe (SummerSoft)  (ee141118fa0156721e2f98ebf0af06f2)

40 / 68    (Adware)
00000000 (QuickSet)  (19f4eadc7528322578541ed18b539a64)

34 / 68    (Adware)
sharebeastdownload.exe (QuickSet)  (7ec346c9ae82c06cb102512cb3679e5f)

42 / 68    (Adware)
00000000 (WinterSoft)  (5152d847afbcb515645bfb8c245a3cfd)

1 / 68      (Adware)
mp3.exe (QuickSet)  (fefa93f3b4e77733f17029cacb95aa3e)

1 / 68      (Adware)

1 / 68      (Adware)
scania-skin-olga.scs.exe (SummerSoft)  (6c83983c2631f2d6bbc8a92725c95767)

1 / 68      (Adware)
the+beatles+–+please+please+me.exe (QuickSet)  (288aa93bb04ac183075559f75b0e1bde)

43 / 68    (Adware)
00000000 (QuickSet)  (f3af1ad74622e5830151f76a6a6540ba)

1 / 68      (Adware)
va---now-hits--2013.milton.honda.rar.exe (SummerSoft)  (685d3162716c94a1fc937cb75886527e)

1 / 68      (Adware)
va---now-hits--2013.milton.honda.rar.exe (SummerSoft)  (d16017d9f7e16e17a27e2a8a4de0d1c1)

41 / 68    (Adware)
download.exe (QuickSet)  (0f77ce42ff395b9f2ad9cb545868b4aa)

1 / 68      (Adware)
happy birthday songs.exe (SummerSoft)  (485ad8342377064c8ba1be1395fc2348)

1 / 68      (Adware)
cs6ogpuw.exe (WinterSoft)  (38ab93c939c96b795e9da4878688807b)

1 / 68      (Adware)

1 / 68      (Adware)
j8nnsiqr.exe (SummerSoft)  (394209a650adc548d702bf9fdee88002)

1 / 68      (Adware)

1 / 68      (Adware)
symphonino40mozart.mp3.exe (Appit by Beware)  (f9da099ba1b36c6166d7160a1bdb7faa)

1 / 68      (Adware)
rppbahasainggris3sms2.doc.exe (MinWare by House Of Soft)  (c28a19d47a50519844cead2a235f609e)

1 / 68      (Adware)
lampiran 1d form penghitungan ak pkg.docx.exe (QuickSet)  (6cbee62b39f2c61b89cf205282c4e9e7)

1 / 68      (Adware)
buku 4 pedoman pkb dan angka kreditnya.pdf.exe (QuickSet)  (5744d672c399743b6c833462445b986d)

1 / 68      (Adware)

1 / 68      (Adware)
dj remix khoobsurat hai woh itna.mp3.exe (SummerSoft)  (33711c183465717d55d3870b6ec0e35b)

1 / 68      (Adware)

 
Latest 30 of 1,634 files

Downloads URLs for files signed by Ivan Kostin.

40 / 68    (Adware)
http://lp.zpdownload.info/.../Download.exe  (234f01a61fa40c33854a79c1287e1d18)

1 / 68      (Adware)
http://lp.ezdownloadpro.info/.../unit2.rar.exe  (de3e5b079e6c89726e2bbb5b2cd9e306)

1 / 68      (Adware)
http://lp.ezdownloadpro.info/.../null.exe  (f752b72f4783ba44d05fbb3deab00832)

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Ivan Kostin by COMODO CA Limited on August 25, 2013 with the serial number '00eb11d24ce6ddbbf752fe4dc3d683d2bf'.