073c67.exe

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 073c67.exe by Polyanskaya Irina has been detected as adware by 4 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from www.ftus.info.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
bde5a35d35e94edb977624d910c1b32b

SHA-1:
4e32f60bcbf6284954a82c1d4197f782b085b688

SHA-256:
a181c4cca4e64141e756296c69b6ada9f0aecb21d10431ca0c72146bddad707d

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/25/2024 2:06:42 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
Generik.CZWEWTG (variant)
9.11056

Reason Heuristics
PUP.WebPick
15.3.18.1

Trend Micro House Call
Suspicious_GEN.F47V0121
7.2.24

VIPRE Antivirus
Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X
36878

File size:
1.9 MB (1,950,288 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\q4fuaemr\073c67.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/24/2014 8:00:00 PM

Valid to:
8/25/2015 7:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
1/6/2015 4:39:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:QDqa+0flJ+PH7Hs/dyHAtXnAbSdr2DtbaFwMN9312UJTa:10f274cwA3tbaGMvTa

Entry address:
0xC8D2

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 6E, 73, 4A, 00, F7, 73, 67, 1D, DE, D5, 6E, 7D, 7F, 21, 25, 9B, E2, 70, 17, 10, DF, 1E, D3, F0, E8, 06, AB, 62, 44, 24, 33, CF, 22, C1, B8, CB, EC, CD, 15, 87, AE, 5A, F7, 0C, 9A, 62, 1C, 85, 81, 42, 37, 56, 02, FA, 89, 38, 2E, C2, 5D, 75, 4B, 6C, F9, 6A, 57, 44, 36, 0F, D7, 17, 06, 83, 7C, 00, EA, D8, E6, 5D, 39, BC, C1, 1B, 51, 93, F4, F7, 82, 84, 32, 0D, F6, 6E, 71, 09, 89, DF, FB, E1, 14, A3, D8, 3D, 4C, 42...
 

Entropy:
7.9799

Developed / compiled with:
Microsoft Visual C++

Code size:
148 KB (151,552 bytes)

The file 073c67.exe has been seen being distributed by the following URL.
