Fedorov Paul

Publisher Information

Fedorov Paul is a brand of publishers/developers run by WebPick Internet Holdings Ltd., located in Ramat Ha'Chayal, Tel Aviv, Israel. The company is a primary distributor of unwanted software. Fedorov Paul is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banners, popups, text links, etc.) into the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Fedorov Paul are typically installed under a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors". There are 2 additional code signing certificates issued to this publisher.

Authority: Thawte, Inc.
Valid from: 8/28/2012 3:00:00 AM
Valid to: 8/29/2013 2:59:59 AM
Subject: CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 702d4055ee5cc734192dcbdffe7ae8e1

Scanner detections:
Detections (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.WebPick, PUP.Webpick.FedorovPaul, PUP.Webpick.FedorovPaul (M), PUP.Webpick.FedorovPaul.Bundler (M), PUP.Webpick.FedorovP (M), PUP.Webpick.FedorovP.Bundler (M), PUP.Webpick (M) | 100.00%
Dr.Web | Adware.BGuard.31 | 18.00%
Malwarebytes | PUP.Optional.SweetPacks.A | 6.00%
NANO AntiVirus | Trojan.Win32.Agent.doxche | 4.00%
ESET NOD32 | Win32/Toolbar.Neobar | 2.00%
Microsoft Security Essentials | Threat.Undefined | 2.00%

Latest 30 of 63 files

Download URLs for files signed by Fedorov Paul.

1 / 68      (Adware)
http://gigabase.info/.../download.exe  (2078d5e75e3801c4d8488b59e16619fd)

1 / 68      (Adware)
http://gigabase.info/.../download.exe  (8498295a2c97831a973ad277db88fc8e)

1 / 68      (Adware)
http://gigabase.info/.../download.exe  (54a5e0cbdd0a6d5c6db62997cb0934d9)

The certificates below are also signed by Fedorov Paul.

1F1C6CD90A38CE2585B8E44D4C5B4372  (Nov 07, 2014 to Nov 05, 2015)

4775A986F383176992FD70C1405B2DEA  (Sep 30, 2013 to Oct 17, 2014)

* Note, the details and description above are based on the code signing digital signature issued to Fedorov Paul by Thawte, Inc. on August 28, 2012 with the serial number '702d4055ee5cc734192dcbdffe7ae8e1'.