wciiw2.exe

Kiril Klimko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application wciiw2.exe by Kiril Klimko has been detected as adware by 22 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Kiril Klimko  (signed and verified)

MD5:
77c580ec7ba1b283d47a5e7ff3e55840

SHA-1:
f5d0ee0c92e3d6ea89b8cc74ddefc4f208f92a47

SHA-256:
b20d8f2d36e8d54fdeee0c496f97cfac01a4264fcfb56896867038b1aab69cf4

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/24/2024 5:36:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.101 | 1023 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.Agent | 14.04.18 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.144.48 |
| avast! | Win32:MultiPlug-AC [PUP] | 2014.9-140418 |
| AVG | Generic5 | 2015.0.3501 |
| Bitdefender | Gen:Variant.Adware.Dropper.101 | 1.0.20.540 |
| Comodo Security | Application.Win32.Multiplug.R | 18124 |
| Dr.Web | Trojan.Crossrider.5139 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.101 | 8.14.04.18.05 |
| ESET NOD32 | Win32/AdWare.MultiPlug (variant) | 8.9693 |
| F-Secure | Gen:Variant.Adware.Dropper.101 | 11.2014-18-04_6 |
| G Data | Gen:Variant.Adware.Dropper.101 | 14.4.24 |
| Malwarebytes | PUP.Optional.MultiPlug.A | v2014.04.18.05 |
| McAfee | PUP-FID!77C580EC7BA1 | 5600.7157 |
| MicroWorld eScan | Gen:Variant.Adware.Dropper.101 | 15.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Crossrider.cvopfn | 0.28.0.59288 |
| Panda Antivirus | Trj/Genetic.gen | 14.04.18.05 |
| Reason Heuristics | PUP.KirilKlimko.G | 14.4.2.9 |
| Rising Antivirus | PE:Malware.MultiPlug!6.13CF | 23.00.65.14416 |
| Sophos | MultiPlug | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28348 |

File size:
655.6 KB (671,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wciiw2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/3/2013 1:00:00 AM

Valid to:
9/4/2014 12:59:59 AM

Subject:
CN=Kiril Klimko, O=Kiril Klimko, STREET=Perova 21, L=Kiev, S=Kiev, PostalCode=02125, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4F8445DA07CAF9C24D869920925BA182

File PE Metadata
Compilation timestamp:
3/16/2014 12:34:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:t/36Cpd8FZTeOpplDokUFq9GCWY3W1CNgDkPXqGqoJe9C65roObGqdyxJz1PTz:t/3ZkZT/p/DnAgP3aYRPXqG9E9joODyt

Entry address:
0x10A4B

Entry point:
E8, 3E, 4A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, 21, 42, 00, E8, 1F, 21, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, D1, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 90, 37, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
103 KB (105,472 bytes)
