home

Pavel Repkin

Publisher Information

Pavel Repkin is a software publisher located in Saint Petersburg, Saint Petersburg City in Russia*. The company is a primary distributor of unwanted software.
Authority:
StartCom Ltd.

Valid from:
8/30/2011 4:17:25 AM

Valid to:
8/30/2013 11:50:27 AM

Subject:
E=pavel.repkin@gmail.com, CN=Pavel Repkin, L=Saint Petersburg, S=Saint Petersburg City, C=RU, Description=496726-6lnbyJoXvJM0x5wb

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
03ed

Scanner detections:
Detections  (96% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Startup.PavelRepkin.I, PUP.PavelRepkin.AA, Trojan.Adw.Installer.PavelRepkin.H, PUP.PavelRepkin.I, PUP.Installer.PavelRepkin.H, PUP.PavelRepkin.J, PUP.PavelRepkin.L, PUP.Installer.PavelRepkin.K, PUP.PavelRepkin (M), PUP.PavelRepkin.Installer (M), PUP.PavelRep.Installer (M), PUP (M)
100.00%

ESET NOD32
Win32/OpenCandy
52.00%

Malwarebytes
PUP.Optional.OpenCandy
32.00%

NANO AntiVirus
Trojan.Win32.OpenCandy.bgxfbr, Trojan.Win32.OpenCandy.bhhelr, Trojan.Win32.OpenCandy.bfycmj, Trojan.Win32.OpenCandy.bkjxxi
20.00%

Baidu Antivirus
Trojan.Win32.Agent, Trojan.Win32.OpenCandy, Adware.Win32.OpenCandy
20.00%

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
16.00%

Trend Micro House Call
TROJ_GEN.F47V0730, TROJ_GEN.F47V0820, TROJ_GEN.F47V0719, Suspicious_GEN.F47V1029
16.00%

G Data
Win32.Adware.OpenCandy
8.00%

F-Prot
W32/Undefined.Threat
4.00%

McAfee
Artemis!3E430074E62D
4.00%

0 / 68
vsdl0eh9.pif  (8755adb9d2c346f8b90812447b0fcf3f)

1 / 68      (Adware)
yosetup_alpha.exe  (fd8c43cefcb9c52a48ccd89147565977)

1 / 68      (Adware)
yosetup.exe  (d3f7acfba8e41baf76ed34eac7a6b4ef)

1 / 68      (Adware)
yosetup507.exe  (783cc146831dd485379a9bb8fb805e57)

1 / 68      (Adware)
yosetup.exe  (cd8c80353b6be5b17da13881ca2e6d2e)

1 / 68      (Adware)
yosetup.exe  (b8371160ae80805328fc5713a5bfe5ba)

8 / 68      (Adware)
yosetup_rc.exe  (df5eed1df6d4e7b1c83aefc4265b854c)

1 / 68      (Adware)
yowindow.scr (YoWindow screensaver by repkasoft)  (814a18d430caed2a41fd340c96573ca8)

8 / 68      (Adware)
yosetup.exe  (8daa5ea5e475fcd153ad48403518cc14)

3 / 68      (Adware)
yosetup.exe  (b171fc11e9a12ce0fd827d9f3bc5e34f)

1 / 68      (Adware)
yosetup.exe  (a32ca0a0718980c2ae8c816a10d61264)

1 / 68      (Adware)
yowindow.scr (YoWindow screensaver by repkasoft)  (8865d45c7ae73e4b1a345b3033c424d9)

4 / 68      (Adware)
yosetup.exe  (84fb3438fc7d941f6788a8f97a9a283a)

2 / 68      (Adware)
yosetup.exe  (1334ef942c6d4fd10e63f856ca4800c1)

1 / 68      (Adware)
uninstall.exe  (49e85f57414f343f55871beb972a0014)

2 / 68      (Adware)
yosetup.exe  (ee54dae0f6f89e6ae97bba2a90ccc121)

1 / 68      (Adware)
uninstall.exe  (4b4f8796e5fd9786eb49d69214cbad7c)

2 / 68      (Adware)
yosetup_3.0.107.exe  (c084fb32b858024cea413111113612bb)

6 / 68      (Adware)
yosetup.exe  (cf8563698ae7e1366e41da77d67e292c)

5 / 68      (Adware)
yosetup.exe  (be9a684f4bb0a0c3a3530834b1cefc7a)

3 / 68      (Adware)
yosetup.exe  (c038e9964e4d208ce31ee8d1de43b711)

4 / 68      (Adware)
yosetup.exe  (19b84d2bd9c241bd01ab680a68f67810)

1 / 68      (Adware)
yowindow.exe (YoWindow 3 by Repkasoft)  (332a99b688413e092878602933e41d3c)

6 / 68      (Adware)
yosetup.exe  (3e430074e62dd6a6d75b240212b75903)

7 / 68      (Adware)
yowindow-5082-jetelecharge.exe  (a43de85288d802976ad88dd1b01d13b2)

1 / 68      (Adware)
yowindow.exe (YoWindow 3 by Repkasoft)  (6f49e6cce701d4845698498e83b2c746)

Downloads URLs for files signed by Pavel Repkin.

5 / 68      (Adware)
http://he2.yowindow.com/.../yosetup.exe  (be9a684f4bb0a0c3a3530834b1cefc7a)

4 / 68      (Adware)
http://letoltes.szoftverbazis.hu/NDs8GGwx15kOqOuL_5MkiA/1477937022/.../yosetup3.exe  (84fb3438fc7d941f6788a8f97a9a283a)

3 / 68      (Adware)
http://cluster.online.ua/soft/.../fyosetup.exe  (c038e9964e4d208ce31ee8d1de43b711)

2 / 68      (Adware)
http://he2.yowindow.com/.../yosetup.exe  (1334ef942c6d4fd10e63f856ca4800c1)

7 / 68      (Adware)
http://software-files-a.cnet.com/s/software/12/53/62/.../yosetup.exe  (a43de85288d802976ad88dd1b01d13b2)

7 / 68      (Adware)
http://www.jetelecharge.com/telp.php?id=5082  (yowindow-5082-jetelecharge.exe)

The following websites host and distribute files published by Pavel Repkin.

cluster.online.ua

he2.yowindow.com

www.jetelecharge.com

software-files-a.cnet.com

The following publishers (by Authenticode signature organization name) are related.

Perion Network Ltd.

Onekit Internet S,L

BlueSprig, Inc.

Smart PC Solutions, Inc.

Visicom Media Inc.

Kirill Chermenin

Webcellence Ltd.

AppWork GmbH

EZ Freeware, LLC

SIEN S.A.

* Note, the details and description above are based on the code signing digital signature issued to Pavel Repkin by StartCom Ltd. on August 30, 2011 with the serial number '03ed'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.