df9395982ee02ad0161f9adcc7c4a410.pe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The file df9395982ee02ad0161f9adcc7c4a410.pe by Stepan Rybin has been detected as adware by 35 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
Stepan Rybin  (signed and verified)

MD5:
df9395982ee02ad0161f9adcc7c4a410

SHA-1:
bf3ff9bc6087ea47f639fe472cdf2d09bc279487

SHA-256:
5d4535d9f19d0ca8adc171e3ed962e9a381a5fc72624775531b8345723a4a801

Scanner detections:
35 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/23/2024 5:02:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.MPLug.HH | 658 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.04.09 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150418 |
| AVG | Generic6 | 2016.0.3136 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.15418 |
| Bitdefender | Adware.MPLug.HH | 1.0.20.540 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Multiplug-38904 | 0.98/21511 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21697 |
| Dr.Web | Trojan.Crossrider1.22656 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Adware.MPLug.HH | 8.15.04.18.08 |
| ESET NOD32 | Win32/Adware.MultiPlug.GE (variant) | 9.11445 |
| Fortinet FortiGate | Riskware/MultiPlug | 4/18/2015 |
| F-Secure | Adware.MPLug.HH | 11.2015-18-04_7 |
| G Data | Adware.MPLug.HH | 15.4.25 |
| IKARUS anti.virus | PUA.Multiplug | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15530 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.2173 |
| Malwarebytes | PUP.Optional.MultiPlug | v2015.04.18.08 |
| McAfee | MultiPlug-FXC | 5600.6792 |
| MicroWorld eScan | Adware.MPLug.HH | 16.0.0.324 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dpryge | 0.30.10.952 |
| nProtect | Adware.MPLug.HH | 15.04.07.01 |
| Panda Antivirus | PUP/Multitoolbar | 15.04.18.08 |
| Qihoo 360 Security | Win32/Virus.Multi.0d0 | 1.0.0.1015 |
| Reason Heuristics | Threat.WebPick.StepanRybin | 15.4.18.4 |
| Rising Antivirus | PE:AdWare.Win32.MPLug.b!1075357039 | 23.00.65.15416 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.12 |
| Trend Micro House Call | TROJ_GEN.R00UC0PD315 | 7.2.108 |
| Trend Micro | TROJ_GEN.R00UC0PD315 | 10.465.18 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| VIPRE Antivirus | MPlug | 39184 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.240767 | 2.0.0.2132 |

File size:
472.2 KB (483,528 bytes)

Common path:
C:\users\{user}\downloads\df9395982ee02ad0161f9adcc7c4a410.pe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 1:37:40 AM

Valid to:
6/27/2015 1:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
9/16/2012 3:40:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:mEn9HZtoXIudsmZ4DmQTOw/S6WKaHqTo9jMznybRjxATcfmOkG1euVAD1jWeo5W0:L9LoXEmZU9TP1i2o9jGSwRBjLON

Entry address:
0x455BB

Entry point:
E8, CF, 1F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, 01, 45, 00, E8, DF, 24, 00, 00, E8, 9C, 21, 00, 00, 0F, B7, F0, 6A, 02, E8, 62, 1F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 28, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4308

Code size:
298 KB (305,152 bytes)
