nero-7.11.10.0c_all_update.exe

Kaydar LLC

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application nero-7.11.10.0c_all_update.exe by Kaydar has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Kaydar LLC  (signed and verified)

MD5:
fb24d1a1c279077adc9e180d73b74512

SHA-1:
f5df98dc8f9b8ce4ae91530b651e29c18c76efeb

SHA-256:
afb5069fc0348981805d180e576c1d8ca04891788ed86355d5d6d7193920b32a

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 5:42:41 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.30 | 6483355
AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.02.25
Avira AntiVirus | ADWARE/MultiPlug.Gen7 | 7.11.212.80
avast! | Win32:MultiPlug-UI [PUP] | 150129-1
AVG | Generic6 | 2016.0.3189
Bitdefender | Gen:Variant.Adware.Mplug.30 | 1.0.20.275
Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 21196
Dr.Web | Trojan.Crossrider1.17577 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.30 | 9.0.0.4799
ESET NOD32 | Win32/Adware.MultiPlug.EP application | 7.0.302.0
F-Prot | W32/S-7d1b6c10 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Mplug.30 | 11.2015-24-02_3
G Data | Gen:Variant.Adware.Mplug.30 | 15.2.25
K7 AntiVirus | Unwanted-Program | 13.198.15065
McAfee | Program.MultiPlug-FVJ | 16.8.708.2
MicroWorld eScan | Gen:Variant.Adware.Mplug.30 | 16.0.0.165
NANO AntiVirus | Riskware.Win32.MultiPlug.dnvpgw | 0.30.0.296
Panda Antivirus | Generic Suspicious | 15.02.24.08
Reason Heuristics | PUP.WebPick | 15.3.20.19
Sophos | MultiPlug | 4.98

File size:
1.1 MB (1,178,552 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{eeb1766e-7da9-ceff-eeb1-1766e7dad9b9}\nero-7.11.10.0c_all_update.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/29/2014 9:20:51 PM

Valid to:
9/30/2015 9:20:51 PM

Subject:
CN=Kaydar LLC, O=Kaydar LLC, L=Dnipropetrovsk, C=UA

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FB2357192451D5B3CE70F91AB97B8BEB

File PE Metadata
Compilation timestamp:
1/3/2012 10:42:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:ldQ0yaeNoETLKiTk1kdmtDbVFSrcNhQx3qcvrf:lXPe5CtntFSrjNqkf

Entry address:
0x221CB

Entry point:
E8, 8C, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 41, 50, 00, E8, BF, 0E, 00, 00, E8, 59, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 1F, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
376 KB (385,024 bytes)
