crack and setup.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed without consent. The application crack and setup.exe by Stepan Rybin has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the WebPick InstalleRex installer. The file has been seen being downloaded from profficer.org. While running, it connects to the Internet address r1.stylezip.info on port 80 using the HTTP protocol.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
ad02b3701cc0981949573cb11f9d9d7a

SHA-1:
c748daa9af7728bdb9ebe222769ca4adbdf06d18

SHA-256:
ae54e7ac63960a250317b8b67b887c659d2fc0368cc6d67657c6efd33611e692

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
11/24/2024 10:47:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebPick.StepanRy.Bundler (M)

Engine version:
16.4.13.14

File size:
1.1 MB (1,105,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Common path:
C:\ProgramData\{eb7abd7c-c914-36a1-eb7a-abd7cc91f5f3}\crack and setup.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 1:37:40 AM

Valid to:
6/27/2015 1:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
5/1/2013 11:42:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:EtBIvkdGZ0M3+bEEq7wXV1ELCE9hQb5mqr0wlGKb5X7:Gj14+gESwXV2eE9epVh7

Entry address:
0xB1F8B

Entry point:
E8, FC, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 90, 4F, 00, E8, 0F, 19, 00, 00, E8, C9, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 8F, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3E, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.4165

Code size:
732.5 KB (750,080 bytes)

The file crack and setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to r1.stylezip.info  (54.186.255.26:80)

Remove crack and setup.exe - Powered by Reason Core Security