ita la cittadella 2003.exe

used databases

Alexey Kurilenko

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application ita la cittadella 2003.exe by Alexey Kurilenko has been detected as adware by 13 anti-malware scanners. This is a setup program which is used to install the application. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.

Publisher:
are  (signed by Alexey Kurilenko)

Product:
used databases

Version:
8.1.0.0

MD5:
367b1e6a5837a0141046d1bae558509a

SHA-1:
8d44c50f753b8065df4e85cd8feb1994d6a36d0f

SHA-256:
3b9e795b9b78639f7fe042a2248a88f58793d3784e9c68b124958532c2853e83

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.

Analysis date:
11/5/2024 10:39:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/MultiPlug.aob | 7.11.166.108 |
| avast! | Win32:InstalleRex-CH [PUP] | 140617-1 |
| AVG | Adware Generic_r.RI | 2014.0.4007 |
| Dr.Web | Trojan.WebPick.2798 | 9.0.1.05190 |
| ESET NOD32 | Win32/AdWare.MultiPlug.BE (variant) | 8.10235 |
| IKARUS anti.virus | AdWare.SaveNet | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.08.11.08 |
| McAfee | Program.CryptMplug | 16.8.708.2 |
| NANO AntiVirus | Trojan.Win32.Crossrider.ddnccj | 0.28.2.61349 |
| Panda Antivirus | PUP/TSUploader | 14.08.11.08 |
| Reason Heuristics | PUP.AlexeyKurilenko.W | 14.8.11.7 |
| Sophos | MultiPlug | 4.98 |
| VIPRE Antivirus | Threat.4786450 | 31208 |

File size:
955.4 KB (978,296 bytes)

Product version:
8.1.0.0

Copyright:
Copyright (c) 2014

Original file name:
and For more

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ita la cittadella 2003.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
6/17/2014 2:20:17 PM

Valid to:
6/17/2015 2:20:17 PM

Subject:
E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
15D51642691B3EE20985639A8FE865DD

File PE Metadata
Compilation timestamp:
8/4/2014 7:23:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:UrTAcLO/ure+wRVtA0eza3qgqOKezk/LXflC:YAcLo+Itaa3tqOKe0Xw

Entry address:
0x2EF58

Entry point:
E8, 85, 9F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 57, 45, 00, E8, 52, 3A, 00, 00, E8, 6D, 0C, 00, 00, 0F, B7, F0, 6A, 02, E8, 18, 9F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A3, 7E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
276.5 KB (283,136 bytes)

The file ita la cittadella 2003.exe has been seen being distributed by the following URL.
