vaudix_extension.exe

Vlad Zemyn

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application vaudix_extension.exe by Vlad Zemyn has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

Publisher:
Vlad Zemyn  (signed and verified)

MD5:
d6e4291bd398acd8234eb52125c1c258

SHA-1:
73b25b08b8b5e4999038ebeaecedb9a3340ceec4

SHA-256:
84ce2cbf2d56a12128291210e5cc5abf62ce44c2708017f5557d284d4357fadd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 1:09:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick.VladZemyn (M)

Engine version:
16.2.1.17

File size:
1.5 MB (1,546,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\vaudix_extension.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/27/2013 7:00:00 AM

Valid to:
9/28/2014 6:59:59 AM

Subject:
CN=Vlad Zemyn, O=Vlad Zemyn, STREET=Oboronnaya 43, L=Kiev, S=Kiev, PostalCode=03110, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FA2E3FCB8E83B20759399F7E1D9549EE

File PE Metadata
Compilation timestamp:
9/29/2013 8:07:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:wXql1zqBa3r7YhEQFcypggK2Oa07RZR7y2AT7Q06m96acQDxYMl7X:wXql18a3r7ObFl11z07R7Wr96acqh

Entry address:
0x13B4D

Entry point:
E8, F7, 40, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 9F, 42, 00, E8, ED, 09, 00, 00, E8, C4, 42, 00, 00, 0F, B7, F0, 6A, 02, E8, 8A, 40, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 96, 01, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8823  (probably packed)

Code size:
140 KB (143,360 bytes)
