38b4cdc2.exe

Yordan Damyanov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 38b4cdc2.exe by Yordan Damyanov has been detected as adware by 24 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from www.nansq.info and multiple other hosts.
Publisher:
Yordan Damyanov  (signed and verified)

MD5:
7b6d6ae06f971fe1362846c0681ea972

SHA-1:
3ac26e6b8b9003c7d90ab900bf6edc81a3198369

SHA-256:
da6833a7ffbd70e39593472dfe1624a43d2b1e418a2f80723e23d35ea38509e2

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
11/16/2024 1:48:23 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.498279 | 730
AhnLab V3 Security | Trojan/Win32.Agent | 2014.11.27
Avira AntiVirus | Adware/Vonteera.rta | 7.11.189.40
avast! | Win32:Malware-gen | 2014.9-150204
AVG | Win32/Blacked | 2016.0.3208
Baidu Antivirus | Adware.Win32.Vonteera | 4.0.3.1524
Bitdefender | Gen:Variant.Kazy.498279 | 1.0.20.175
Comodo Security | UnclassifiedMalware | 20208
Emsisoft Anti-Malware | Gen:Variant.Kazy.498279 | 8.15.02.04.05
ESET NOD32 | Win32/Packed.VMProtect.ABD (variant) | 9.10790
Fortinet FortiGate | W32/VMProtBad.A!tr | 2/4/2015
F-Secure | Gen:Variant.Kazy.498279 | 11.2015-04-02_4
G Data | Gen:Variant.Kazy.498279 | 15.2.24
IKARUS anti.virus | Trojan.Win32.VMProtect | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.186.14161
McAfee | Artemis!7B6D6AE06F97 | 5600.6864
MicroWorld eScan | Gen:Variant.Kazy.498279 | 16.0.0.105
NANO AntiVirus | Trojan.Win32.Black.djbkez | 0.28.6.63726
Panda Antivirus | Trj/CI.A | 15.02.04.05
Qihoo 360 Security | Win32/Trojan.a5d | 1.0.0.1015
Reason Heuristics | PUP.WebPick | 15.2.4.17
Sophos | Mal/VMProtBad-A | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1114 | 7.2.35
VIPRE Antivirus | Trojan.Win32.Generic | 35182

File size:
1.4 MB (1,428,552 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\y72k16tg\38b4cdc2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/7/2013 3:00:00 AM

Valid to:
10/8/2015 2:59:59 AM

Subject:
CN=Yordan Damyanov, O=Yordan Damyanov, STREET=19 Dobri Voinikov Str, L=Sofia, S=Sofia, PostalCode=1000, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FEEF0D77D0AC7E55D4E7707B384AC901

File PE Metadata
Compilation timestamp:
11/11/2014 12:56:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:9lcCxV50KSmiEyIxt/zI4d94g1NhLelo/ZXf71omzCKl8xUOKniJ9Ft/oHYOGpu5:LcQ0GU4dq692CCo8xUO2qONb

Entry address:
0x116CA1E

Entry point:
60, FF, 74, 24, 0C, 66, 89, 2C, 24, 68, EC, 7D, 9B, F2, C7, 44, 24, 24, CE, 30, AA, 7F, 88, 34, 24, E8, EB, 55, 14, 00, 50, B6, 7C, 6B, 30, EA, 5C, 7A, 34, BA, CF, 17, 30, AB, BE, 3C, 03, 6E, 83, EB, FE, 68, 7D, F9, 0C, 7A, 41, A0, BB, 3C, 51, 89, 9C, EE, 33, 5B, 1A, 81, 2C, 2D, 94, 82, 3C, AE, C9, 1E, F7, 09, 50, 60, 21, 4C, 26, A9, FC, 10, E7, AC, B2, D0, B8, 72, C0, D5, 15, 2E, B1, 26, 19, 41, E2, 29, 4B, 03, 92, E6, 0B, AA, 65, AD, B1, DB, 77, DE, DE, C6, 80, E2, 60, 0E, 6B, 04, 45, 70, F5, 20, 7B, 44...
Entropy:
7.8987  (probably packed)

Code size:
169.5 KB (173,568 bytes)

The file 38b4cdc2.exe has been observed being distributed from the following 4 URLs.

http://www.nansq.info/.../38b4cdc2.exe

http://www.nansq.info/.../c583c2b2e.exe

Remove 38b4cdc2.exe - Powered by Reason Core Security