download.exe

the database dedicated

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application download.exe by Alexey Kurilenko has been detected as adware by 22 anti-malware scanners. This is a setup program used to install the application. It uses WebPick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
itself  (signed by Alexey Kurilenko)

Product:
the database dedicated

Version:
2.3.0.0

MD5:
c9081860e220500ed3317314d24e92e3

SHA-1:
3752e98642f2120507357de1782b21e759ff024d

SHA-256:
d61cb43718e268831ff7068fb3d5fc763c2158f6ac9669530f433eaf7bac9887

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
11/24/2024 8:45:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.681480 | 926 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.163.200 |
| avast! | Win32:InstalleRex-CH [PUP] | 140617-1 |
| AVG | Adware Generic5.BAZD | 2014.0.3986 |
| Bitdefender | Application.Generic.681480 | 1.0.20.1025 |
| Clam AntiVirus | Win.Adware.Graftor-186 | 0.98/21411 |
| Comodo Security | Application.Win32.Multiplug.GETF | 18956 |
| Dr.Web | Adware.Downware.6035 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.MultiPlug.AJ application | 7.0.302.0 |
| F-Secure | Application.Generic.681480 | 11.2014-24-07_5 |
| G Data | Application.Generic.681480 | 14.7.24 |
| IKARUS anti.virus | AdWare.SaveNet | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.181.12819 |
| Malwarebytes | PUP.Optional.Preload | v2014.07.24.09 |
| McAfee | PUP-FIC | 5600.7060 |
| MicroWorld eScan | Application.Generic.681480 | 15.0.0.615 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dchugy | 0.28.2.60990 |
| Panda Antivirus | PUP/TSUploader | 14.07.24.09 |
| Reason Heuristics | PUP.AlexeyKurilenko.I | 14.7.24.9 |
| Sophos | MultiPlug | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
807.9 KB (827,280 bytes)

Product version:
2.3.0.0

Copyright:
Copyright (c) 2014

Original file name:
security may thought

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\download.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 9:20:17 PM

Valid to:
6/17/2015 9:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
7/15/2014 10:02:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:1FU3XZISMSND63ZVAHo8JamC2ZbzcG4VirzucD3eAuPZtfcn8rq:OMSNOZmHoGC2ZbzBVrSy6Ztfeh

Entry address:
0x1607E

Entry point:
E8, 6B, 75, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B8, BD, 42, 00, E8, BC, 26, 00, 00, E8, BC, 0E, 00, 00, 0F, B7, F0, 6A, 02, E8, FE, 74, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 3A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.7037  (probably packed)

Code size:
140 KB (143,360 bytes)

The file download.exe has been seen being distributed by the following URL.
