tb7w4t.exe

Julian Pankratov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application tb7w4t.exe by Julian Pankratov has been detected as adware by 29 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Julian Pankratov (signed and verified)

MD5:
a347111cdd3a806632529b6cb384e587

SHA-1:
e1b18094f5214810fd6a15fd52198b8111f75e23

SHA-256:
bea8de6a3ca3313833c5346c4fbcd2cbac215b9dc5d4d64314b171204868ac66

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/19/2024 11:35:07 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.101 | 921
Agnitum Outpost | Trojan.Adware | 7.1.1
AhnLab V3 Security | Adware/Win32.Graftor | 2014.07.29
Avira AntiVirus | Adware/Graftor.1855 | 7.11.164.66
avast! | Win32:InstalleRex-AL [PUP] | 140617-1
AVG | Adware Skodna.Generic.AOV | 2014.0.3986
Bitdefender | Gen:Variant.Adware.Dropper.101 | 1.0.20.1045
Clam AntiVirus | Win.Adware.Graftor-99 | 0.98/19168
Comodo Security | Application.Win32.Agent.AU | 18997
Dr.Web | Trojan.Crossrider.3 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.101 | 8.14.07.28.12
ESET NOD32 | Win32/Preloader.A potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/MultiPlug | 7/28/2014
F-Prot | W32/Preloader.B2.gen | 4.6.5.141
F-Secure | Gen:Variant.Adware.Dropper.101 | 11.2014-28-07_2
G Data | Gen:Variant.Adware.Dropper.101 | 14.7.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.181.12846
Malwarebytes | PUP.Optional.BundleLoader.A | v2014.07.28.12
McAfee | PUP-FEI | 5600.7055
MicroWorld eScan | Gen:Variant.Adware.Dropper.101 | 15.0.0.627
NANO AntiVirus | Trojan.Win32.Crossrider.cqhprr | 0.28.2.60990
Norman | Kryptik.CCRN | 11.20140728
Panda Antivirus | Trj/Genetic.gen | 14.07.28.12
Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | PUP.JulianPankratov.G | 14.8.7.23
Sophos | Preload | 4.98
Vba32 AntiVirus | AdWare.MegaSearch | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 31208

File size:
1.3 MB (1,395,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tb7w4t.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/14/2013 2:00:00 AM

Valid to:
10/15/2014 1:59:59 AM

Subject:
CN=Julian Pankratov, O=Julian Pankratov, STREET=Gagarіna 11, L=Kiev, S=Kiev, PostalCode=02094, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D14C8CC7422B7B416198EEB359191765

File PE Metadata
Compilation timestamp:
9/29/2013 3:07:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:9xllVmuE1S3pby8M0VuQYsNqHYnKQC6zT5FHUAn0bCOLO5LylzBVNc0eV:9xJ+1sy/0VuQYsqSVC6JNB5L5OlzBVNM

Entry address:
0x1A561

Entry point:
E8, F3, 40, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, BF, 42, 00, E8, E9, 09, 00, 00, E8, C0, 42, 00, 00, 0F, B7, F0, 6A, 02, E8, 86, 40, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 96, 01, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
145 KB (148,480 bytes)

Remove tb7w4t.exe - Powered by Reason Core Security