f9223be5c436bd9e6cb2c4334010e1d0.pe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The file f9223be5c436bd9e6cb2c4334010e1d0.pe by Stepan Rybin has been detected as adware by 31 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
f9223be5c436bd9e6cb2c4334010e1d0

SHA-1:
5d6466746b71aeaa53db9c2e4fee3903acdd24a9

SHA-256:
b970f47f5574ac62345e99fb643888c7ca02cfaecf235232a348ad4c50088f13

Scanner detections:
31 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 3:27:11 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.9481 | 658 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.04.08 |
| Avira AntiVirus | PUA/MultiPlug.11245 | 3.6.1.96 |
| avast! | Win32:Agent-AUVV [Trj] | 2014.9-150418 |
| AVG | Generic6 | 2016.0.3136 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.15418 |
| Bitdefender | Gen:Variant.Adware.Mikey.9481 | 1.0.20.540 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.MultiPlug.YTRA | 21687 |
| Dr.Web | Trojan.Crossrider1.22656 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.9481 | 8.15.04.18.09 |
| ESET NOD32 | Win32/Adware.MultiPlug.FQ (variant) | 9.11440 |
| Fortinet FortiGate | Riskware/MultiPlug | 4/18/2015 |
| F-Prot | W32/S-dda247a3 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 11.2015-18-04_7 |
| G Data | Gen:Variant.Adware.Mikey.9481 | 15.4.25 |
| IKARUS anti.virus | AdWare.MultiPlug | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15518 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.2173 |
| Malwarebytes | PUP.Optional.Bundler | v2015.04.18.09 |
| McAfee | MultiPlug-FWS | 5600.6792 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.9481 | 16.0.0.324 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dphkko | 0.30.10.952 |
| Qihoo 360 Security | Win32/Virus.Multi.0d0 | 1.0.0.1015 |
| Reason Heuristics | Threat.WebPick.StepanRybin | 15.4.18.5 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15416 |
| Sophos | MultiPlug | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0329 | 7.2.108 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |
| VIPRE Antivirus | Adware Trojan.Win32.Generic | 39156 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.253756 | 2.0.0.2130 |

File size:
822.7 KB (842,440 bytes)

Common path:
C:\users\{user}\downloads\f9223be5c436bd9e6cb2c4334010e1d0.pe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 1:37:40 AM

Valid to:
6/27/2015 1:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
3/3/2012 2:47:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Bfvpms/8qINnNgEFxxpYCMWHH7StznAY37aWGkIHf9On4lRDlZeBow9wftqV:BnpmQtINnxlMJmRPk94vDq5yg

Entry address:
0xB194F

Entry point:
E8, 41, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 4D, 4C, 00, E8, 4B, 18, 00, 00, E8, 0E, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, D4, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 83, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7105  (probably packed)

Code size:
730.5 KB (748,032 bytes)
