lfs+bewr.exe

Egor Sotok

The file lfs+bewr.exe by Egor Sotok has been detected as a potentially unwanted program by 12 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Egor Sotok  (signed and verified)

MD5:
b341e34f3a69eec5a4b05d4d1cad9c08

SHA-1:
62e6fcc5a1cfe3f444c3e4f300f50e3c3a2b83bd

SHA-256:
9b01b696245b85f6a82efa534dce7b8910d3d85d2ee9b719252669d572825392

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/28/2024 1:24:54 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Kazy.660171
5813571

avast!
Win32:FakeDownload-G [PUP]
160111-0

AVG
Adware Generic6.BFTY
2015.0.4477

Clam AntiVirus
Win.Adware.Multiplug-47678
0.98/21259

Dr.Web
Trojan.Crossrider1.33816
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Kazy.660171
10.0.0.5366

ESET NOD32
Win32/Adware.MultiPlug.MW application
7.0.302.0

McAfee
Program.Multiplug-FAF
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.2822.0

Norman
Gen:Variant.Application.Kazy.660171
11.01.2016 17:30:26

Sophos
PUA 'MultiPlug' (of type Adware)
5.23

VIPRE Antivirus
Threat.5180739
46434

File size:
324.3 KB (332,128 bytes)

Common path:
C:\users\{user}\appdata\local\temp\lfs+bewr.exe.part

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
9/19/2014 2:11:06 PM

Valid to:
9/19/2015 2:11:06 PM

Subject:
E=sotok80@outlook.com, CN=Egor Sotok, O=Egor Sotok, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
05254927244C43E36F9A5582D3D06F64

File PE Metadata
Compilation timestamp:
3/23/2013 1:08:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Z3ZT+zML6OUrO56jIFoHjR7hFOz+Aq5pl+Jxtbu8VmJTVeuEXj9QK2ssCrJOdh/5:ZJDLTUYN+JuqAypwfc8QTVfUFIbp3

Entry address:
0x68C8

Entry point:
E8, 52, 11, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, F1, 42, 00, E8, 62, 16, 00, 00, E8, 1F, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, E5, 10, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C6, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
46.5 KB (47,616 bytes)

Remove lfs+bewr.exe - Powered by Reason Core Security