0b00a971c1.exe

Polyanskaya Irina

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 0b00a971c1.exe by Polyanskaya Irina has been detected as adware by 9 anti-malware scanners. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
6ac7b2e7ccb60aaf3103262edb0559ac

SHA-1:
db36e438fe90f25c8d664589b97485da5e0300c1

SHA-256:
3102d18e0ec31f9d9c9d940f97bcde00f7b506d60af7379bdf11949e39c82770

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/5/2024 4:47:47 AM UTC

Scan engine              Detection                                         Engine version
Avira AntiVirus          TR/Agent.1952856                                  8.3.1.6
avast!                   Win32:Malware-gen                                 2014.9-150309
Emsisoft Anti-Malware    Trojan.GenericKD.2505820                          8.15.06.29.05
ESET NOD32               Generik.DKMLTYS potentially unwanted (variant)    9.11828
F-Secure                 Trojan.GenericKD.2505820                          11.2015-29-06_2
herdProtect (fuzzy)                                                        2015.6.15.4
Kaspersky                Trojan.Win32.Dapta                                14.0.0.1814
Reason Heuristics        PUP.WebPick                                       15.3.18.1
Trend Micro House Call   Suspicious_GEN.F47V0306                           7.2.68

File size:
1.9 MB (1,952,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\0b00a971c1.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/25/2014 4:30:00 AM

Valid to:
8/26/2015 4:29:59 AM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
3/4/2015 11:57:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Qmhk4RWcN4lFQ0BXqjHLLCNcSD0eJIvG0T4VZTraUTvGFbf69EhRnxs1i7e5/hiQ:1hkha4lFDB67LFE7VVZteFD+Eh9iDjfL

Entry address:
0x1386A

Entry point:
E8, 06, A3, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 14, A4, 43, 00, 00, 74, 05, E9, 64, A3, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01...

Entropy:
7.7411  (probably packed)

Code size:
168 KB (172,032 bytes)
