8b2087165c.exe

Georgi Georgiev

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 8b2087165c.exe by Georgi Georgiev has been detected as adware by 17 anti-malware scanners. It is a setup program used to install the application and is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.dolfine.info and multiple other hosts.
Publisher:
Georgi Georgiev  (signed and verified)

MD5:
95a78456afc7f039921e74b3db5e0d0c

SHA-1:
a548cf93dcfd893c1861139652f462211f6d94e3

SHA-256:
e70150160e43575abd54673ddbe2b8a561dd0060cdfd94657255be1eb94da8e3

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/16/2024 11:51:49 AM UTC

Scan engine            | Detection                        | Engine version
Lavasoft Ad-Aware      | Gen:Variant.Zusy.113278          | 515
AhnLab V3 Security     | Adware/Win32.Vonteera            | 2014.12.11
Avira AntiVirus        | TR/Zusy.2163792                  | 7.11.194.92
avast!                 | Win32:Adware-gen [Adw]           | 2014.9-150907
Bitdefender            | Gen:Variant.Zusy.113278          | 1.0.20.1250
Comodo Security        | ApplicUnwnt                      | 20335
Emsisoft Anti-Malware  | Gen:Variant.Zusy.113278          | 8.15.09.07.02
ESET NOD32             | Win32/AdWare.Vonteera (variant)  | 9.10861
Fortinet FortiGate     | Riskware/Vonteera                | 9/7/2015
F-Secure               | Gen:Variant.Zusy.113278          | 11.2015-07-09_2
G Data                 | Gen:Variant.Zusy.113278          | 15.9.24
McAfee                 | Artemis!95A78456AFC7             | 5600.6649
MicroWorld eScan       | Gen:Variant.Zusy.113278          | 16.0.0.750
Qihoo 360 Security     | HEUR/QVM19.1.Malware.Gen         | 1.0.0.1015
Reason Heuristics      | PUP.WebPick.GeorgiGeorgiev (M)   | 15.9.7.14
Trend Micro House Call | Suspicious_GEN.F47V1205          | 7.2.250
VIPRE Antivirus        | Trojan.Win32.Generic             | 35624

File size:
2.1 MB (2,163,792 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\8b2087165c.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/6/2014 3:00:00 AM

Valid to:
6/6/2016 2:59:59 AM

Subject:
CN=Georgi Georgiev, O=Georgi Georgiev, STREET="4 Petar Stoinov Str., Chelopechene", L=Sofia, S=Sofia, PostalCode=1617, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
50E7161B35AEFC4CA801C951BEF0279A

File PE Metadata
Compilation timestamp:
12/4/2014 1:22:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:SqnV5XMeRt45sPGJcrNalUfU10j/H0zKmuccxCIRZA9YY:DV580oIM0jP+0XxaYY

Entry address:
0x14CD000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 60, 16, 00, 2D, E0, C5, 92, 05, 05, D7, C5, 92, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 32, EF, B7, 65, 68, 1B, 2A, 40, 0B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 9D, EC, 49, 4A, 8E, 38, 88, E4, E2, 21, 61, C2, E3, 6B, 40, 93...

Entropy:
7.9760  (probably packed)

Code size:
155 KB (158,720 bytes)

The file 8b2087165c.exe has been seen being distributed by the following 4 URLs.

http://www.dolfine.info/.../47242dd829.exe

http://www.dolfine.info/.../82b95e62d9.exe

http://www.dolfine.info/.../eb7c70d6.exe
