home

would-you-rather-eng-5105165.exe

The application would-you-rather-eng-5105165.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from liversity.net and multiple other hosts.
MD5:
d8ce7219ff12217d02cac35c9b8fc877

SHA-1:
06c6467443086630ce8355449be8edb814711636

SHA-256:
ab81f8bc3ce080e4d02344a0e729976fac34df789d783e2a8de4a94f3bb84b8f

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 6:32:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.MPlug.15
776

AhnLab V3 Security
PUP/Win32.MultiPlug
2014.12.22

Avira AntiVirus
ADWARE/MultiPlug.Gen7
7.11.197.26

avast!
Win32:MultiPlug-IZ [PUP]
141214-1

AVG
Adware Generic_r.VD
2014.0.4189

Bitdefender
Gen:Variant.Adware.MPlug.15
1.0.20.1775

Comodo Security
Application.Win32.Multiplug.CT
20434

Dr.Web
Trojan.Crossrider.36840
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.MPlug.15
9.0.0.4668

ESET NOD32
Win32/AdWare.MultiPlug.CT application
7.0.302.0

Fortinet FortiGate
Adware/MultiPlug
12/21/2014

F-Prot
W32/S-a45e7af1
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.MPlug.15
5.13.68

G Data
Gen:Variant.Adware.MPlug.15
14.12.24

K7 AntiVirus
Unwanted-Program
13.188.14395

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug
15.0.0.543

Malwarebytes
PUP.Optional.MultiPlug
v2014.12.21.10

McAfee
Program.MultiPlug-FRO
16.8.708.2

MicroWorld eScan
Gen:Variant.Adware.MPlug.15
15.0.0.1065

NANO AntiVirus
Riskware.Win32.MultiPlug.dfjscb
0.28.6.64267

Norman
Gen:Variant.Adware.MPlug.15
04.12.2014 14:30:06

Sophos
PUA 'MultiPlug' (of type Adware)
5.09

Vba32 AntiVirus
SScope.Adware.MultiPlug
3.12.26.3

File size:
923.5 KB (945,664 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\would-you-rather-eng-5105165.exe

File PE Metadata
Compilation timestamp:
8/26/2013 8:42:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:hg2PcuoXdnDNBzyru9aYni1Ph181WtiVS:hfPc/h6ruQYnM1eW+S

Entry address:
0x2ADB6

Entry point:
E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 92, 49, 00, E8, E4, 0F, 00, 00, E8, 45, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D6, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
204 KB (208,896 bytes)

The file would-you-rather-eng-5105165.exe has been seen being distributed by the following 3 URLs.

http://liversity.net/download/v20014?product_file_name=would-you-rather-eng-5105165.zip&product_download_url=http://dl.opensubtitles.org/en/download/sub/5105165&product_image_url=http://static.opensubtitles.org/gfx/thumbs/5/9/9/9/1999995.jpg&installer_file_name=would-you-rather-eng-5105165&filesize=64102&product_title=Would You Rather (2012)&product_name=Would You Rather English 1CD&reffer=http://www.opensubtitles.org/addons/log_product.php?product=bundle&provider=webpick&action=install&redir=http://www.opensubtitles.org/en/subtitles/.../would-you-rather-en&layout_id=8&for_html_installer=1&st=0&uuid=2ezcycXVa7Z04TvlvzMj4MayNVzU4bGgWf8hLmYKSwBeuRazothfOTVNCG9npx99D1TMAnVwPnFAcyvYlUQvX1zLoxJs0mvXTotY3F4xrMXEl8k8po5PuRjJBr78hWfl2cNezIh4YLASxZQS27CGyQ1qdeszeKkIQsoWcTmLuZ63QArUhvEzun8XqM2wPjd7CpkzIrhFx8RHN0LRHKHmdwtXPdPv9x65oo5QTvsIOfDtkKGHwEnhJDO98UQRdhRrUJhBtbHaTkhK9p1X85ran7WMm390x0JQOzTa5LEWcBd4zlhYLl95a16

http://liversity.net/v20014?product_name=Would You Rather English 1CD&filesize=64102&product_image_url=http://static.opensubtitles.org/gfx/thumbs/5/9/9/9/1999995.jpg&product_title=Would You Rather (2012)&installer_file_name=would-you-rather-eng-5105165&product_file_name=would-you-rather-eng-5105165.zip&product_download_url=http://dl.opensubtitles.org/en/download/sub/5105165&reffer=http://www.opensubtitles.org/addons/log_product.php?product=bundle&provider=webpick&action=install&redir=http://www.opensubtitles.org/en/subtitles/.../would-you-rather-en

http://dl.opensubtitles.org/en/download/.../5105165

Remove would-you-rather-eng-5105165.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.