new klay bbj 2015 ✪عشاق العيب✪ h

Ronen Kvurt

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The file new klay bbj 2015 ✪عشاق العيب✪ h by Ronen Kvurt has been detected as adware by 24 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Ronen Kvurt  (signed and verified)

MD5:
95d676c91b21ad5705fb7aaee3a1afe2

SHA-1:
ca5468e453972e4c1b1e3f9ca240effcc5f70a85

SHA-256:
78d0ac10d0506078984775160d132175adc507bf2d0e10ef6f944c4f04acb076

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 10:27:43 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.MPLug.35
5708900

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.04.26

Avira AntiVirus
PUA/Multiplug.trov
3.6.1.96

avast!
Win32:MultiPlug-XG [PUP]
150319-1

AVG
Adware Generic6.NYC
2014.0.4311

Bitdefender
Gen:Variant.Adware.MPLug.35
1.0.20.575

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.MultiPlug.VE
21890

Dr.Web
Trojan.Crossrider1.24490
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.MPLug.35
9.0.0.4799

ESET NOD32
Win32/Adware.MultiPlug.ES application
7.0.302.0

F-Prot
W32/S-ee49f53c
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.MPLug
5.13.68

G Data
Gen:Variant.Adware.MPLug.35
15.4.25

K7 AntiVirus
Unwanted-Program
13.203.15710

Malwarebytes
PUP.Optional.MultiPlug.A
v2015.04.25.03

McAfee
Program.MultiPlug-FVQ
16.8.708.2

MicroWorld eScan
Gen:Variant.Adware.MPLug.35
16.0.0.345

NANO AntiVirus
Trojan.Win32.DownLoader12.dnwplq
0.30.20.1219

Reason Heuristics
Threat.WebPick.RonenKvurt
15.4.25.11

Sophos
MultiPlug
4.98

Zillya! Antivirus
Adware.MultiPlug.Win32.197639
2.0.0.2153

File size:
1.1 MB (1,113,960 bytes)

Common path:
C:\users\{user}\downloads\new klay bbj 2015 ✪عشاق العيب✪ hd - youtube.mp4.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
5/14/2014 8:13:06 AM

Valid to:
5/14/2015 8:13:06 AM

Subject:
E=ronenkvurt@yahoo.com, CN=Ronen Kvurt, O=Ronen Kvurt, C=IL

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
2FCC7E9A4043746064F138856B04DABB

File PE Metadata
Compilation timestamp:
12/20/2012 2:23:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:VQnLEuz/To/BV7fuOgzFKF4tiVldueLvBa1WvbIZlxtle:WQE/TuT7wzFkF+wY

Entry address:
0xB3D19

Entry point:
E8, FF, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 90, 4F, 00, E8, 11, 19, 00, 00, E8, CC, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 92, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
740 KB (757,760 bytes)

The file new klay bbj 2015 ✪عشاق العيب✪ h has been seen being distributed by the following URL.