» vistastartmenu_setup_2_92_pro_en.exe
Overview
Analysis
File Details
Network (1)

vistastartmenu_setup_2_92_pro_en.exe

Dennis Nazarenko

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application vistastartmenu_setup_2_92_pro_en.exe by Dennis Nazarenko has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the WebPick InstalleRex installer. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.

File name:

Publisher:

Dennis Nazarenko (signed and verified)

MD5:

838ca2b25edac9313fbf279f211ecfff

SHA-1:

eaef6658909fedd19b8c4f12af0e8221e7563e48

SHA-256:

4c3df55f9963ee93c544f118abc2462074dde5e8c1cf8422cd17f3b645229fc4

Scanner detections:

3 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

5/10/2024 4:12:46 AM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

PUA.Packed.ASPack

0.98/17411

McAfee

Artemis!838CA2B25EDA

5600.6594

Reason Heuristics

PUP.WebPick.DennisNazarenko.Bundler (M)

15.11.2.1

File size:

2.7 MB (2,805,816 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

WebPick InstalleRex (using Nullsoft Install System)

Digital Signature

Signed by:

Dennis Nazarenko

Authority:

The USERTRUST Network

Subject:

CN=Dennis Nazarenko, O=Dennis Nazarenko, POBox=15A, STREET=Jovtneva 7A, L=Vishneve, S=Kievskaya, PostalCode=08132, C=UA

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00DBE65D78CE895A82ADCC70F584A6A0BB

File PE Metadata

Compilation timestamp:

5/3/2008 10:08:47 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:mCTY0K7bQjKtSNL47+cf1RdT3zanMXu8qbr0Stt8uIMHDV4idpNaH6JwF1J9TLWT:pqt0N0yctrzankP8AStyihhaH6JwFTil

Entry address:

0x30E3

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 58, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, E1, 2A, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 90, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 4C, 91, 40, 00, 68, 60, E3, 42, 00, E8, 98, 27, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 86, 27, 00, 00... 
[+]

Entropy:

7.9919

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to r1.stylezip.info (54.186.255.26:80)

Remove vistastartmenu_setup_2_92_pro_en.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.