senjou_no_valkyria_3_extra_edition_j_bahamut.exe

Ronen Kvurt

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application senjou_no_valkyria_3_extra_edition_j_bahamut.exe by Ronen Kvurt has been detected as adware by 20 anti-malware scanners. The file has been seen being downloaded from profficer.org.
Publisher:
Ronen Kvurt  (signed and verified)

MD5:
f6b4622cc42f52fa00b6d32d6c342f0c

SHA-1:
cf97be7922af2eb5ffaaaf325e4178f362588aeb

SHA-256:
a470fe1b4c8d2212ad1e0faea1f52e38f4ca545638f39d031c10803a142ff4d2

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
11/24/2024 11:08:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.7658 | 6779108 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.03.05 |
| Avira AntiVirus | PUA/Multiplug.trov | 7.11.213.132 |
| AVG | Generic6 | 2016.0.3180 |
| Bitdefender | Gen:Variant.Adware.Mikey.7658 | 1.0.20.315 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.7658 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EW application | 7.0.302.0 |
| F-Prot | W32/S-05e718fa | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mikey | 5.13.68 |
| G Data | Gen:Variant.Adware.Mikey.7658 | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15159 |
| Malwarebytes | PUP.Optional.MultiPlug.A | v2015.03.04.04 |
| McAfee | Program.MultiPlug-FVQ | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.7658 | 16.0.0.189 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dnxpba | 0.30.0.296 |
| Reason Heuristics | PUP.WebPick | 15.3.4.16 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15302 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.11 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.200624 | 2.0.0.2088 |

File size:
1.1 MB (1,141,096 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
5/14/2014 3:13:06 AM

Valid to:
5/14/2015 3:13:06 AM

Subject:
E=ronenkvurt@yahoo.com, CN=Ronen Kvurt, O=Ronen Kvurt, C=IL

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
2FCC7E9A4043746064F138856B04DABB

File PE Metadata
Compilation timestamp:
4/19/2012 4:44:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:SwTZdJ0r8z6PoqlGPOtoyEhMXCNWgGMz5byh6ShBYbMkdBiQUH5n3r5Nn8Brx5+1:SwTLE3lh0NWskQblBcdmGz/Wr7G1x

Entry address:
0xBA4F9

Entry point:
E8, FE, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A0, 10, 50, 00, E8, 11, 19, 00, 00, E8, CB, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 91, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.4111

Code size:
766 KB (784,384 bytes)

The file senjou_no_valkyria_3_extra_edition_j_bahamut.exe has been seen being distributed by the following URL.