thegoldbook2.zip.exe

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application thegoldbook2.zip.exe by Alexey Kurilenko has been detected as adware by 22 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Alexey Kurilenko  (signed and verified)

MD5:
c33a1ee094031905b3b236a3da7f02f9

SHA-1:
5b934dade9a1d9f89c34431822e10a3df9486b9c

SHA-256:
9270f24c4aa7457e2337561738c238041f53dd5bb9eff52dce7465e4a1d17fca

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 1:37:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | AdWare.W32.MultiPlug | 2.1.4+ |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.10.31 |
| Avira AntiVirus | Adware/MultiPlug.aob | 7.11.182.78 |
| avast! | Win32:MultiPlug-CI [PUP] | 141025-0 |
| AVG | Adware Generic5.BENU | 2014.0.4040 |
| Clam AntiVirus | Win.Trojan.Multiplug-9 | 0.98/21411 |
| Comodo Security | Application.Win32.MultiPlug.PNU | 19944 |
| Dr.Web | Trojan.Crossrider.28215 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.MultiPlug.BF application | 7.0.302.0 |
| F-Prot | W32/A-5958afe0 | v6.4.7.1.166 |
| K7 AntiVirus | Adware | 13.185.13853 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.494 |
| Malwarebytes | PUP.Optional.MultiPlug.A | v2014.10.30.11 |
| McAfee | MultiPlug | 5600.6962 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.ddsvpv | 0.28.6.62995 |
| nProtect | Trojan-Clicker/W32.MultiPlug.666008 | 14.10.30.01 |
| Reason Heuristics | PUP.AlexeyKurilenko.P | 14.10.28.16 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | Downware.MultiPlug.gen | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 34232 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.57 | 2.0.0.1972 |

File size:
650.4 KB (666,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\thegoldbook2.zip.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 7:20:17 AM

Valid to:
6/17/2015 7:20:17 AM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
8/6/2014 10:01:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:NZVunYav79cKnZxCAgX2QRkOSllkpGF57Lsth6RpoX/wR4u28:Psp9cWZVnQecI7Q+pOEE8

Entry address:
0xC461

Entry point:
E8, 3E, 3C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 9F, 41, 00, E8, 19, 16, 00, 00, E8, 0B, 3E, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 3B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C4, 2C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8681  (probably packed)

Code size:
82.5 KB (84,480 bytes)
