b7b3b4c31.exe

Georgi Georgiev

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, that may be installed without consent. The setup program b7b3b4c31.exe, published by Georgi Georgiev, has been detected as adware by 29 of 68 anti-malware scanners. The file has been seen downloaded from www.adskoola.info and multiple other hosts. Note that it carries a valid, verified code-signing signature (details below): a valid signature only ties the binary to the named publisher and says nothing about whether its behaviour is wanted.
Publisher:
Georgi Georgiev (signed and verified)

MD5:
8f084d2ecc8c2e52a932af5d705654a4

SHA-1:
77f3e4880e04f99ff847512d0104b668382fd3c9

SHA-256:
4f42ef47e61dcc18b5c54d09b1c4a3b7f896bab9b15928e129ee3d4ca30afe2f
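
To confirm that a file pulled from a host or an IE cache directory is the sample this report describes, compare all three published hashes and the reported size in a single streaming pass. The script below is an added example, not code from the report or from Reason Core Security; the hash values are copied from the fields above, the 1,810,000-byte size from the "File size" field further down, and the `write_constructed_sample` helper stands in for a real file so the example runs offline.

```python
import hashlib
import os
import tempfile

# Hashes published for b7b3b4c31.exe on this page (lower-case hex).
REPORTED_HASHES = {
    "md5": "8f084d2ecc8c2e52a932af5d705654a4",
    "sha1": "77f3e4880e04f99ff847512d0104b668382fd3c9",
    "sha256": "4f42ef47e61dcc18b5c54d09b1c4a3b7f896bab9b15928e129ee3d4ca30afe2f",
}
REPORTED_SIZE = 1_810_000  # bytes, from the report's "File size" field


def file_hashes(path, chunk_size=1 << 20):
    """Return (size, {algo: hexdigest}) computed in one streaming pass, so a
    large sample is never loaded into memory and every byte is read once."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def match_report(path, reported=REPORTED_HASHES, reported_size=REPORTED_SIZE):
    """Compare a local file against the report. Every hash listed in
    `reported` must agree before the sample counts as confirmed; MD5 and
    SHA-1 are kept for cross-referencing other feeds, SHA-256 is the one
    that actually pins the file."""
    size, actual = file_hashes(path)
    result = {name: actual[name] == reported[name].lower() for name in reported}
    result["size"] = size == reported_size
    result["confirmed"] = all(result[name] for name in reported)
    return result


def write_constructed_sample(data):
    """Write constructed bytes to a temporary file and return its path.
    Stands in for the real sample, which this example does not ship."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed input: three bytes, obviously not the reported file.
    sample = write_constructed_sample(b"abc")
    print(file_hashes(sample))
    print(match_report(sample))  # confirmed: False
```

Run it against the real file by replacing the constructed path with the cached copy (the "Common path" field gives the usual location); a mismatch on any single digest means you are holding a different build, not this sample.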

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
11/16/2024 11:27:05 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.113278 | 465
AhnLab V3 Security | Adware/Win32.Vonteera | 2015.02.06
Avira AntiVirus | Adware/Vonteera.1810000 | 7.11.207.212
avast! | Win32:Adware-gen [Adw] | 2014.9-151028
AVG | Generic | 2016.0.2943
Baidu Antivirus | PUA.Win32.Agent | 4.0.3.151028
Bitdefender | Gen:Variant.Zusy.113278 | 1.0.20.1505
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | ApplicUnwnt | 20979
Emsisoft Anti-Malware | Gen:Variant.Zusy.113278 | 8.15.10.28.01
ESET NOD32 | Win32/AdWare.Vonteera (variant) | 9.11132
Fortinet FortiGate | Adware/Generic | 10/28/2015
F-Prot | W32/S-c6367e9e | v6.4.7.1.166
F-Secure | Gen:Variant.Zusy.113278 | 11.2015-28-10_4
G Data | Gen:Variant.Zusy.113278 | 15.10.25
IKARUS anti.virus | PUA.Vonteera | t3scan.1.8.6.0
K7 AntiVirus | Dialer | 13.193.14882
Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic | 14.0.0.1210
McAfee | Artemis!8F084D2ECC8C | 5600.6599
MicroWorld eScan | Gen:Variant.Zusy.113278 | 16.0.0.903
NANO AntiVirus | Riskware.Win32.Vonteera.dnawxv | 0.30.0.65070
Norman | VMProtect.W | 11.20151028
Panda Antivirus | Trj/CI.A | 15.10.28.01
Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.WebPick.GeorgiGeorgiev (M) | 15.10.28.1
Rising Antivirus | PE:Trojan.Win32.Generic.18099D9C!403283356 | 23.00.65.151026
Sophos | Generic PUA HH | 4.98
Trend Micro House Call | TROJ_GEN.R0E9H07AQ15 | 7.2.301
VIPRE Antivirus | Trojan.Win32.Generic | 37304

File size:
1.7 MB (1,810,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\b7b3b4c31.exe

Digital Signature
Signed by:
Georgi Georgiev
Authority:
COMODO CA Limited

Valid from:
6/6/2014 3:00:00 AM

Valid to:
6/6/2016 2:59:59 AM

Subject:
CN=Georgi Georgiev, O=Georgi Georgiev, STREET="4 Petar Stoinov Str., Chelopechene", L=Sofia, S=Sofia, PostalCode=1617, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
50E7161B35AEFC4CA801C951BEF0279A

File PE Metadata
Compilation timestamp:
1/26/2015 12:44:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:dxS4gCNCUwtcqj4x8NDkMjY8/A/pr1Apql+ir:T4uCncRkDkMjY8/zu

Entry address:
0x13E1000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, E0, 10, 00, 2D, E0, C5, B2, 05, 05, D7, C5, B2, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 85, E8, 8C, 7C, 68, 00, 74, 66, 0F, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, FD, D9, 81, A8, 01, 6B, 67, 1A, 45, 12, 3A, 87, AC, 17, 5A, 6B...

Entropy:
7.9736  (probably packed)

Code size:
170.5 KB (174,592 bytes)
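
Two of the PE fields above carry the packing signal a practitioner would check by hand: the entropy of 7.9736 (close to the 8.0 maximum for a byte stream) and the entry-point bytes, which open with `E8 01 00 00 00 CC 58` - a CALL whose target skips one byte and lands on POP EAX, so EAX receives the call's own return address. That call/pop trick is how position-independent stub code discovers where it was loaded, and the arithmetic that follows (`40 2D 00 E0 10 00 ...`) adjusts that address, which is consistent with the packer verdicts in the table (Norman's VMProtect.W). The script below is an added example, not code from the report: it parses the report's own byte listing (copied from the "Entry point" field above), computes Shannon entropy, and flags the call/pop pattern. The 7.2 packed threshold is an assumption, a common rule of thumb rather than a value the report states.

```python
import math
from collections import Counter

# Entry-point bytes copied from this report's "Entry point" field (first
# 68 of the listed bytes; the page's dump continues past this prefix).
ENTRY_POINT_DUMP = (
    "56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, E0, 10, 00, "
    "2D, E0, C5, B2, 05, 05, D7, C5, B2, 05, 80, 3B, CC, 75, 19, C6, 03, 00, "
    "BB, 00, 10, 00, 00, 68, 85, E8, 8C, 7C, 68, 00, 74, 66, 0F, 53, 50, "
    "E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3"
)

# Assumption: rule-of-thumb threshold, not a value stated by the report.
PACKED_THRESHOLD = 7.2

# 32-bit register encoded in the low three bits of a one-byte POP (0x58-0x5F).
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def parse_hex_dump(text):
    """Turn the report's 'AA, BB, CC' listing into bytes; a trailing '...'
    marking truncation is ignored rather than treated as a token."""
    out = bytearray()
    for tok in text.replace("...", "").split(","):
        tok = tok.strip()
        if tok:
            out.append(int(tok, 16))
    return bytes(out)


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniform bytes.
    Compressed or encrypted (packed) code sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_probably_packed(data, threshold=PACKED_THRESHOLD):
    """Mirror the report's 'probably packed' verdict using the entropy score."""
    return shannon_entropy(data) >= threshold


def find_getpc(code, max_skip=16):
    """Locate CALL rel32 instructions whose target is a one-byte POP reg no
    more than max_skip bytes ahead. The CALL pushes its return address and
    the POP reads it back, handing the code its own load address. Returns
    a list of (call_offset, pop_offset, register)."""
    hits = []
    for i in range(len(code) - 4):
        if code[i] != 0xE8:
            continue
        rel = int.from_bytes(code[i + 1:i + 5], "little", signed=True)
        target = i + 5 + rel
        if 0 <= rel <= max_skip and target < len(code) and 0x58 <= code[target] <= 0x5F:
            hits.append((i, target, REG32[code[target] - 0x58]))
    return hits


if __name__ == "__main__":
    code = parse_hex_dump(ENTRY_POINT_DUMP)
    print("entry-point bytes:", len(code))
    print("call/pop self-locating stubs:", find_getpc(code))   # [(3, 9, 'eax')]
    print("entropy of the prefix: %.3f" % shannon_entropy(code))
```

Only the first CALL qualifies: the later `E8 0A 00 00 00` has a target that is not a POP, and `E8 8C 7C 68 00` is a far forward call, so neither is reported. Run `is_probably_packed` on whole sections of the real file rather than on this 68-byte prefix; a short stub is too small for entropy to mean much, which is why the report's 7.9736 is a file-level figure.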

The file b7b3b4c31.exe has been seen distributed from 7 URLs, two of which are shown below.

http://www.adskoola.info/.../e148dfa962.exe

http://www.adskoola.info/.../74951b579.exe

Remove b7b3b4c31.exe - Powered by Reason Core Security