BackgroundEngine.exe

Background Engine Script

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application BackgroundEngine.exe by Fedorov Paul has been detected as adware by 2 anti-malware scanners.
Publisher:
Fedorov Paul  (signed and verified)

Product:
Background Engine Script

Version:
1.0.0.1

MD5:
7c45d8f2375858ca5fb7d9f910ec83fc

SHA-1:
2cd6fe432a2cf4c8e98755090724ee95032ab58e

SHA-256:
cf892ea656c906fd8e3d9f25495cd6d614080401371ba49e9d2d4c79556ce9dd

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/27/2024 1:32:42 PM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Adware.BGuard.31 | 9.0.1.048
Reason Heuristics | PUP.Webpick.FedorovPaul (M) | 16.2.17.10

File size:
290.6 KB (297,608 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
BackgroundEngine.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gigabase\basement\backgroundengine.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 3:00:00 AM

Valid to:
8/29/2013 2:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata
Compilation timestamp:
6/5/2013 9:58:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:pqqD9MW3229+KF3qVGoeaYLP4JcRuKrn/LTSN/BKNyLihQvul8bChZtKHZjPBLiN:5G29L3JLPrRuKTLWKWZjJLimOvp

Entry address:
0x1F739

Entry point:
E8, 73, 7A, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 88, BF, 43, 00, E8, 55, 04, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 1C, E8, 9D, 0A, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 25, 0A, 00, 00, 83, C4, 14, 33, C0, EB, 7B, 33, C0, 8B, 7D, 0C, 3B, FE, 0F, 95, C0, 3B, C6, 74, D6, 33, C0, 66, 39, 37, 0F, 95, C0, 3B, C6, 74, CA, E8, 13, 7F, 00, 00, 89, 45, 08, 3B, C6, 75, 0D, E8, 5B, 0A, 00, 00, C7, 00, 18, 00, 00, 00, EB, C9, 89, 75, FC, 66, 39, 33, 75, 20...
 

Code size:
198.5 KB (203,264 bytes)
