the hobbit_ the battle of the five armies 720p avi.exe

Andrey Hmelnikov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install it without consent. The file name imitates a 720p video of the film; only the .exe extension shows that it is a program, and Windows File Explorer hides known extensions by default. The application the hobbit_ the battle of the five armies 720p avi.exe by Andrey Hmelnikov has been detected as adware by 12 of 68 anti-malware scanners. It carries a valid Authenticode signature from a Certum-issued code-signing certificate in an individual's name; a valid signature only shows that the signer held the private key, not that the software is wanted or safe. The file has been seen downloaded from groupsetzipmyjob.org.
Publisher:
Andrey Hmelnikov  (signed and verified)

MD5:
68db2a6b8b7c2239c9beb0d8744b8d65

SHA-1:
ec68e44c46fe8f389dffadaafbe547be56dd09e0

SHA-256:
073925001b2347ddf597709ab25805be75fbd20313db1a31ec4d4cc603572f4a

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/26/2024 6:44:33 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.W32.Gen | 2.1.4+
AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.01.08
AVG | Generic | 2016.0.3218
ESET NOD32 | Win32/Adware.MultiPlug.ED (variant) | 9.10974
F-Prot | W32/S-ae56c02f | v6.4.7.1.166
K7 AntiVirus | Unwanted-Program | 13.1814565
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.2583
Malwarebytes | PUP.Optional.MultiCore | v2015.01.26.08
McAfee | MultiPlug-FUC | 5600.6874
Reason Heuristics | PUP.AndreyHmelnikov | 15.1.26.8
Sophos | MultiPlug | 4.98
Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3

File size:
1.3 MB (1,365,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\the hobbit_ the battle of the five armies 720p avi.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/23/2014 12:25:04 AM

Valid to:
6/23/2015 12:25:04 AM

Subject:
E=Andrey.Hmelnikov@hotmail.com, CN=Andrey Hmelnikov, O=Andrey Hmelnikov, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
727B500ADD12D49F610A094EBFE02E4B

File PE Metadata
Compilation timestamp:
4/3/2013 11:35:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:0gWFmYJmZ2eWPVUgBX6WfPj0KZZNhpfOT+e/F6PaGtc9xs:1ofa2dvJ64wuVpWTftMaGY6

Entry address:
0x1A6CA

Entry point:
E8, 1D, 39, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, E4, 45, 00, E8, 50, 11, 00, 00, E8, EA, 3A, 00, 00, 0F, B7, F0, 6A, 02, E8, B0, 38, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C2, 09, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.6505

Code size:
353 KB (361,472 bytes)
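The fields listed under File PE Metadata (compilation timestamp, OS version, subsystem, linker version, entry address, code size) all come from the COFF file header and the PE32 optional header, and the entropy figure is Shannon entropy over the whole file. The script below, added here as an example and not code from this page or from the file's publisher, reads those fields with struct alone, computes the three hashes and the entropy, matches the hashes against the indicators listed above, and returns the bytes at the entry point. Because the real sample is not reproduced here, it runs against a constructed minimal PE32 whose header values are set to the ones on this page and whose entry point holds the first 16 bytes listed under Entry point; the PAGE_IOCS dictionary, the SUBSYSTEMS map, the sample builder and all function names are this example's own.

```python
"""Triage a Win32 PE against the indicators on this page (added example)."""
import datetime
import hashlib
import math
import struct
import sys

# Hashes copied from the page, used as the IOC set.
PAGE_IOCS = {
    "md5": "68db2a6b8b7c2239c9beb0d8744b8d65",
    "sha1": "ec68e44c46fe8f389dffadaafbe547be56dd09e0",
    "sha256": "073925001b2347ddf597709ab25805be75fbd20313db1a31ec4d4cc603572f4a",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}  # IMAGE_SUBSYSTEM_* values


def file_hashes(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def match_iocs(data, iocs=PAGE_IOCS):
    """Hash algorithms under which `data` matches an indicator (empty list = no match)."""
    h = file_hashes(data)
    return sorted(n for n, v in iocs.items() if h.get(n) == v.lower())


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant file, 8.0 for uniform (packed/encrypted) data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe32(data):
    """Read the header fields the page reports from a PE32 image using struct only."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes; the optional header follows it
    (magic, lnk_major, lnk_minor, code_size, _, _, entry_rva, _, _, image_base, _, _,
     os_major, os_minor, _, _, _, _, _, _, _, _, subsystem, _) = struct.unpack_from(
        "<HBBIIIIIIIIIHHHHHHIIIIHH", data, opt)  # optional header up to DllCharacteristics
    if magic != 0x10B:
        raise ValueError("not a PE32 image (magic 0x%X)" % magic)
    sections = []
    for i in range(nsections):  # section table starts right after the optional header
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rptr, rsize))
    when = datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)
    return {"machine": machine, "compiled": when.strftime("%Y-%m-%d %H:%M:%S UTC"),
            "linker": "%d.%d" % (lnk_major, lnk_minor), "os_version": "%d.%d" % (os_major, os_minor),
            "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)), "entry_rva": entry_rva,
            "image_base": image_base, "code_size": code_size, "sections": sections}


def entry_bytes(data, n=16):
    """First n bytes at the entry point, i.e. the value shown under 'Entry point' above."""
    hdr = parse_pe32(data)
    for _, vaddr, vsize, rptr, rsize in hdr["sections"]:
        if vaddr <= hdr["entry_rva"] < vaddr + max(vsize, rsize):
            off = hdr["entry_rva"] - vaddr + rptr  # RVA -> file offset via the section table
            return data[off:off + n]
    raise ValueError("entry RVA 0x%X is outside every section" % hdr["entry_rva"])


# Constructed sample (not the real installer): a minimal PE32 whose header fields are the
# page's values and whose entry point holds the first 16 bytes listed on the page.
ENTRY_STUB = bytes.fromhex("E81D390000E9000000006A146860E445")


def build_sample():
    stamp = int(datetime.datetime(2013, 4, 3, 23, 35, 26, tzinfo=datetime.timezone.utc).timestamp())
    entry_rva, text_rva, text_raw = 0x1A6CA, 0x1000, 0x200
    text = bytes(entry_rva - text_rva) + ENTRY_STUB
    text += bytes(-len(text) % 0x200)  # pad to FileAlignment
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 0xE0, 0x102)  # i386, one section
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH", 0x10B, 11, 0, 361472, 0, 0, entry_rva,
                      text_rva, 0, 0x400000, 0x1000, 0x200, 5, 1, 0, 0, 5, 1, 0,
                      text_rva + len(text), 0x200, 0, 2, 0)
    opt += bytes(0xE0 - len(opt))  # data directories left zeroed
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), text_rva, len(text), text_raw,
                       0, 0, 0, 0, 0x60000020)  # CODE | EXECUTE | READ
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers + bytes(text_raw - len(headers)) + text


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(parse_pe32(blob))
    print("entry:", entry_bytes(blob).hex(" ").upper())
    print("entropy: %.4f" % shannon_entropy(blob), "hashes:", file_hashes(blob))
    print("IOC match:", match_iocs(blob) or "none")
```

Run it with a path argument to report on a real file, or with no argument to report on the constructed sample. The compile timestamp is attacker-controlled and can be set to anything, so treat it as a hint rather than evidence; an entropy of about 6.65 over a whole file, as reported above, is ordinary for a mixed executable, whereas a value near 8 over the code section would point to packing or encryption.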

The file the hobbit_ the battle of the five armies 720p avi.exe has been seen distributed from the following URL.