home

thriller heads will roll glee.exe

Sergey Petrov

This is a WebPick installer that bundles (with very minimal user consent) a number of adware browser extensions which inject ads in the browser. The application thriller heads will roll glee.exe, “Installer for AppReady Software” by Sergey Petrov has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex (Tarma) installer. The setup program uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software which includes toolbars and browser extensions through a pay-per-install monetization scheme.
Publisher:
AppReady Software  (signed by Sergey Petrov)

Product:
AppReady Software

Description:
Installer for AppReady Software

Version:
2014.5.4.1639

MD5:
32f506b66502cca4114530bb432664bb

SHA-1:
0eeb54b2d02f0728ed19b2f56f3c6192f8bd9ac6

SHA-256:
d59e86c1f59e7714c8a6d894f4ce293af458a1356ae3aa7a4e15972a5658dcb1

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
4/23/2024 9:18:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11445137
483

avast!
Win32:InstalleRex-BI [PUP]
2014.9-151009

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.WebPick.29
9.0.1.0282

Emsisoft Anti-Malware
Trojan.Generic.11445137
8.15.10.09.06

ESET NOD32
Win32/InstalleRex.M potentially unwanted application
9.7.0.302.0

F-Secure
Trojan.Generic.11445137
11.2015-09-10_6

herdProtect (fuzzy)
variant of super8+&+tab+-+suru+(original+mix). - [mp3juices.com].exe (Adware)
2015.10.9.18

MicroWorld eScan
Trojan.Generic.11445137
16.0.0.846

Norman
Trojan.Generic.11445137
11.20151009

nProtect
Trojan/W32.AntiFW.335712
15.05.29.01

Reason Heuristics
Adware.WebPick.Installer (M)
15.8.21.10

VIPRE Antivirus
Threat.4150696
40552

File size:
327.9 KB (335,808 bytes)

Product version:
1.0.0.3

Copyright:
Copyright © 2014 AppReady Software

Original file name:
TSULoader.exe

File type:
Executable application (Win32 EXE)

Installer:
WebPick InstalleRex (Tarma)

Language:
Language Neutral

Common path:
C:\users\{user}\Music\thriller heads will roll glee.exe

Digital Signature
Signed by:
Sergey Petrov

Authority:
COMODO CA Limited

Valid from:
8/21/2013 8:00:00 AM

Valid to:
8/22/2014 7:59:59 AM

Subject:
CN=Sergey Petrov, O=Sergey Petrov, STREET=Gaydara 13, L=Kyev, S=Kyev, PostalCode=01033, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0AD084E865D27CD546D21DB6EDF89D48

File PE Metadata
Compilation timestamp:
3/12/2013 4:51:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:xrmbUzkuvcBYC47l2xmhRvqW6/FC5vQyQuPBoKa7rrnTezFq3Whz1:xrvkuveY3TRvqh9AnvBoKa7r7TezSU1

Entry address:
0x14DB

Entry point:
55, 8B, EC, 81, EC, 2C, 06, 00, 00, 53, 56, 33, DB, 57, 66, 89, 9D, DC, FB, FF, FF, 89, 5D, F4, 89, 5D, FC, FF, 15, 74, 30, 40, 00, A3, 08, 44, 40, 00, FF, 15, 70, 30, 40, 00, 8B, F8, 8D, 45, EC, 50, FF, 15, 6C, 30, 40, 00, FF, 15, 68, 30, 40, 00, 8B, F0, F7, D6, 33, F7, FF, 15, 64, 30, 40, 00, 33, F0, 8B, 45, F0, 33, 45, EC, 68, 04, 01, 00, 00, 33, F0, 8D, 85, D4, F9, FF, FF, 50, 53, FF, 15, 60, 30, 40, 00, 85, C0, 75, 41, FF, 15, 5C, 30, 40, 00, 83, F8, 78, 75, 1A, 68, A8, 32, 40, 00, E8, 43, FB, FF, FF...
 
[+]

Entropy:
7.9276

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file thriller heads will roll glee.exe has been seen being distributed by the following URL.

http://www.mp3olimp.net/out.php?type=downloadmanager&title=Finn, Artie, Santana, Rachel Mercedes - Thriller Heads Will Roll&size=5.82&filename=Finn, Artie, Santana, Rachel Mercedes - Thriller Heads Will Roll&product_filename=Finn, Artie, Santana, Rachel Mercedes - Thriller Heads Will Roll&url=http://downloads3.frendz4m.com/attachments/34/2/.../1300468474-Prince1993-1__Thriller__Heads_Will_Roll_-_Glee_Cast_-_Prince1993_mp3.mp3

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove thriller heads will roll glee.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.