» lfs+bewr.exe
Overview
Analysis
File Details

lfs+bewr.exe

Egor Sotok

The file lfs+bewr.exe by Egor Sotok has been detected as a potentially unwanted program by 12 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

lfs+bewr.exe

Publisher:

Egor Sotok (signed and verified)

MD5:

b341e34f3a69eec5a4b05d4d1cad9c08

SHA-1:

62e6fcc5a1cfe3f444c3e4f300f50e3c3a2b83bd

SHA-256:

9b01b696245b85f6a82efa534dce7b8910d3d85d2ee9b719252669d572825392

Scanner detections:

12 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

11/5/2024 3:42:12 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Kazy.660171

5813571

avast!

Win32:FakeDownload-G [PUP]

160111-0

AVG

Adware Generic6.BFTY

2015.0.4477

Clam AntiVirus

Win.Adware.Multiplug-47678

0.98/21259

Dr.Web

Trojan.Crossrider1.33816

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Application.Kazy.660171

10.0.0.5366

ESET NOD32

Win32/Adware.MultiPlug.MW application

7.0.302.0

McAfee

Program.Multiplug-FAF

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.2822.0

Norman

Gen:Variant.Application.Kazy.660171

11.01.2016 17:30:26

Sophos

PUA 'MultiPlug' (of type Adware)

5.23

VIPRE Antivirus

Threat.5180739

46434

File size:

324.3 KB (332,128 bytes)

Common path:

C:\users\{user}\appdata\local\temp\lfs+bewr.exe.part

Digital Signature

Signed by:

Egor Sotok

Authority:

Unizeto Technologies S.A.

Valid from:

9/19/2014 2:11:06 PM

Valid to:

9/19/2015 2:11:06 PM

Subject:

E=sotok80@outlook.com, CN=Egor Sotok, O=Egor Sotok, C=UA

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

05254927244C43E36F9A5582D3D06F64

File PE Metadata

Compilation timestamp:

3/23/2013 1:08:01 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:Z3ZT+zML6OUrO56jIFoHjR7hFOz+Aq5pl+Jxtbu8VmJTVeuEXj9QK2ssCrJOdh/5:ZJDLTUYN+JuqAypwfc8QTVfUFIbp3

Entry address:

0x68C8

Entry point:

E8, 52, 11, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, F1, 42, 00, E8, 62, 16, 00, 00, E8, 1F, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, E5, 10, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C6, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

46.5 KB (47,616 bytes)

Remove lfs+bewr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.