» spider-player-2.5.3.exe
Overview
Analysis
File Details

spider-player-2.5.3.exe

Stepan Rybin

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application spider-player-2.5.3.exe by Stepan Rybin has been detected as adware by 25 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Stepan Rybin (signed and verified)

MD5:

f2264c7d0fc0679a092e58a513bf1852

SHA-1:

17b169e47eb1126f5c5ee930db7e800853f2d659

SHA-256:

b410fcb3b00bcb89bab024cd1386345444c9094d650ddf6b4cc97825decd6245

Scanner detections:

25 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/26/2024 3:02:07 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.MultiPlug.IE

675

AhnLab V3 Security

PUP/Win32.MultiPlug

2015.04.01

Avira AntiVirus

PUA/Multiplug.aoa

3.6.1.96

avast!

Win32:Adware-gen [Adw]

150319-0

AVG

Generic6

2016.0.3153

Bitdefender

Adware.MultiPlug.IE

1.0.20.455

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.MultiPlug.YTRA

21607

Dr.Web

Trojan.Crossrider1.22656

9.0.1.091

Emsisoft Anti-Malware

Adware.MultiPlug.IF

9.0.0.4799

ESET NOD32

Win32/Adware.MultiPlug.GX (variant)

9.11404

Fortinet FortiGate

Riskware/MultiPlug

4/1/2015

F-Secure

Adware.MultiPlug.IF

5.13.68

G Data

Adware.MultiPlug.IE

15.4.25

K7 AntiVirus

Unwanted-Program

13.202.15438

Kaspersky

not-a-virus:AdWare.Win32.MultiPlug

15.0.0.543

MicroWorld eScan

Adware.MultiPlug.IE

16.0.0.273

nProtect

Adware.MultiPlug.IE

15.03.31.01

Panda Antivirus

PUP/TSUploader

15.04.01.12

Quick Heal

Adware.Multiplug.D6

4.15.14.00

Reason Heuristics

PUP.WebPick

15.3.31.23

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48

23.00.65.15330

Sophos

MultiPlug

4.98

Vba32 AntiVirus

suspected of Heur.Malware-Cryptor.Multiplug

3.12.26.3

VIPRE Antivirus

Threat.4753027

38552

File size:

453.2 KB (464,072 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\temp\spider-player-2.5.3.exe

Digital Signature

Signed by:

Stepan Rybin

Authority:

Unizeto Technologies S.A.

Valid from:

6/27/2014 10:37:40 AM

Valid to:

6/27/2015 10:37:40 AM

Subject:

E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata

Compilation timestamp:

9/6/2013 6:22:33 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:zmL+DqDPdLIvzP+RAGN4+4pkyBiL4QOiOIXrNLDzaHzeFvXbwkh53FZzimD:cbdcLPYW+4KKGLvbsmD

Entry address:

0x40BFB

Entry point:

E8, E6, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, B2, 44, 00, E8, EF, 17, 00, 00, E8, B3, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, 79, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 28, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

279.5 KB (286,208 bytes)

Remove spider-player-2.5.3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.