home

e87ae8.exe

Polyanskaya Irina

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application e87ae8.exe by Polyanskaya Irina has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Polyanskaya Irina  (signed and verified)

MD5:
21ddacc127e189da8ff14b842b31f06a

SHA-1:
6119638ccd3be6ed54db7c0be5ef41b80fdface6

SHA-256:
d81d830878df13534abec574281aa90791801e781cd4b25c55e26813e1d290bc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 4:45:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick.Polyansk (M)
16.7.9.8

File size:
2.1 MB (2,168,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\e87ae8.exe

Digital Signature
Signed by:
Polyanskaya Irina

Authority:
COMODO CA Limited

Valid from:
8/24/2014 8:00:00 PM

Valid to:
8/25/2015 7:59:59 PM

Subject:
CN=Polyanskaya Irina, O=Polyanskaya Irina, STREET="Suhata Reka, Bl. 225A, Ap. 42", L=Sofia, S=Sofia, PostalCode=1517, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A4C6F876119E08B1C5FF63372D64B83F

File PE Metadata
Compilation timestamp:
12/10/2014 12:45:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:3+xlUozYSAQSiwGINKrQ9lemrO4GO0qebwCf:3+zUozYSAQS9Jq4GO0qe5f

Entry address:
0x4A5000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, F0, 16, 00, 2D, E0, C5, 8D, 05, 05, D7, C5, 8D, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 61, D2, 64, 7C, 68, 60, 57, E0, 4B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 00, 4E, 06, 01, 32, A9, 3C, 14, 04, BA, 10, F7, 38, E0, 2F, 85...
 
[+]

Entropy:
7.9539  (probably packed)

Code size:
144 KB (147,456 bytes)

Remove e87ae8.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.