» 4a6dc5d68.exe
Overview
Analysis
File Details
Downloads (1)

4a6dc5d68.exe

Polyanskaya Irina

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application 4a6dc5d68.exe by Polyanskaya Irina has been detected as adware by 4 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.ftbuss.info.

File name:

4a6dc5d68.exe

Publisher:

Polyanskaya Irina (signed and verified)

MD5:

9ec75d564de7e0e03d7c50f9a0707c58

SHA-1:

464fd36aee9909c7e5d16b9ab88e46f1368c9b23

SHA-256:

22b9ca92f05de6c74bd5e246f3cbacd08d17f32a0651588a480eb77ca3735da7

Scanner detections:

4 / 68

Status:

Adware

Analysis date:

11/5/2024 4:36:09 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-150124

ESET NOD32

Generik.HGKYGC (variant)

9.11068

Reason Heuristics

PUP.WebPick

15.3.18.1

Trend Micro House Call

Suspicious_GEN.F47V0123

7.2.24

File size:

1.9 MB (1,962,576 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\7iz1x2rs\4a6dc5d68.exe

Digital Signature

Signed by:

Polyanskaya Irina

Authority:

COMODO CA Limited

Valid from:

8/24/2014 8:00:00 PM

Valid to:

8/25/2015 7:59:59 PM

Subject:

CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata

Compilation timestamp:

1/22/2015 5:12:00 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:C0KDeS4oiCXOPAT0djUE2D1uyZldsDlyGDj1Oj:C0fS3zXO4T0jP2HGDJju

Entry address:

0x12A2B

Entry point:

E8, 8C, 9B, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 14, 84, 43, 00, 00, 74, 05, E9, EB, 9B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83... 
[+]

Entropy:

7.7477 (probably packed)

Code size:

160.5 KB (164,352 bytes)

The file 4a6dc5d68.exe has been seen being distributed by the following URL.

http://www.ftbuss.info/.../4a6dc5d68.exe

Remove 4a6dc5d68.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.