home

Kaydar LLC

Publisher Information

Kaydar LLC is a brand of publishers/developers run by WebPick Internet Holdings Ltd. located in Ramat Ha'Chayal Tel Aviv, Israel. The company is a primary distributor of unwanted software. Kaydar LLC is a developer of WebPick Internet Holdings and publishes a number of adware web browser plugins designed to monitor web browser behavior and inject advertisements (banner, popups, text-links, etc.) in the browser by using the WebPick InstalleRex monetization delivery platform. These programs from Kaydar LLC are typiclaly installed on a variety of names and misspellings and are very difficult to remove. According to WebPick, they use developers to sign their adware in order to "throw off competitors". Thre are 5 additional code signing certificates issued to this publisher.
Authority:
GlobalSign nv-sa

Valid from:
9/29/2014 7:20:51 AM

Valid to:
9/30/2015 7:20:51 AM

Subject:
CN=Kaydar LLC, O=Kaydar LLC, L=Dnipropetrovsk, C=UA

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121fb2357192451d5b3ce70f91ab97b8beb

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.WebPick, PUP.WebPick.Kaydar (M), PUP.WebPick.Kaydar.Bundler (M), PUP.WebPick (M)
100.00%

Emsisoft Anti-Malware
Gen:Variant.Adware.Mplug.30
6.25%

McAfee
Program.MultiPlug-FVJ
6.25%

ESET NOD32
Win32/Adware.MultiPlug.EP application
6.25%

Dr.Web
Trojan.Crossrider1.17577
6.25%

Lavasoft Ad-Aware
Gen:Variant.Adware.Mplug.30
6.25%

avast!
Win32:MultiPlug-UI [PUP]
6.25%

MicroWorld eScan
Gen:Variant.Adware.Mplug.30
6.25%

K7 AntiVirus
Unwanted-Program
6.25%

Bitdefender
Gen:Variant.Adware.Mplug.30
6.25%

1 / 68      (Adware)
cotton_fantastic_night_dreams_ntsc_j_hcd3043.exe  (c12b5fcaee4d5f2d281c914ff24aa608)

1 / 68      (Adware)
impulsemodeler.exe  (cfe76d427d76e85267780a037a9db992)

1 / 68      (Adware)
pokemon_emerald_version_usa_europe.exe  (04b716cd42158050523b48ab6c46c9ae)

1 / 68      (Adware)
pokemon_emerald_version_usa_europe.exe  (9e588b614369ec028ec013b03abe7fe5)

1 / 68      (Adware)
pokemon_black_version_2_usa_europe_ndsi_enhanced.exe  (ab8bebfaffa3a1faad5ccff9d02abcdc)

1 / 68      (Adware)
loveroms_pokemon - emerald version (u).zip.exe  (c5d027d8fff88989f2313979d456b77f)

1 / 68      (Adware)
gba_bios.zip.exe  (ee8cb6ce0cca24c9cc120ecde6a57e96)

1 / 68      (Adware)
fecc72f9630f.exe  (0b919d1b4f6a9662550043a625c98461)

1 / 68      (Adware)
870595c19d.exe  (209966df7d4365f7aeee2435f491f42c)

1 / 68      (Adware)
391dc2f.exe  (9b279883ff48d48c23c50d66bc8646ca)

1 / 68      (Adware)
yu_gi_oh_gx_tag_force_2_u_eminent.exe  (c625ae09fe4b893472cc9584f10c43cc)

1 / 68      (Adware)
pokemon_gold_u_c.exe  (8d05e8f8fcb22a24e122e4756692d975)

1 / 68      (Adware)
save our planet.exe (Live Green Now by South Beach Software)  (3bfe05e5a6fc1fcd9596a94db5f6be29)

1 / 68      (Adware)
13dd4.exe  (c015222e9e1b9773c7a72e929e1f24b4)

1 / 68      (Adware)
skyforcehd133.apk.exe  (8eb7a079fe30bb2b0420efbf6c494a1f)

20 / 68    (Adware)
nero-7.11.10.0c_all_update.exe  (fb24d1a1c279077adc9e180d73b74512)

Downloads URLs for files signed by Kaydar LLC.

1 / 68      (Adware)
http://bird-search.org/.../Save Our Planet.exe  (3bfe05e5a6fc1fcd9596a94db5f6be29)

The following websites host and distribute files published by Kaydar LLC.

bird-search.org

The certificates below are also signed by Kaydar LLC.

112109824947EEBE3F519867CEEA65CE42CD  (Jan 28, 2015 to Jan 29, 2016)

11212721EB8D890641EA7B2814E2D3271368  (Sep 29, 2014 to Sep 30, 2015)

1121B6A21E20070BBBE8F29381995228CCD8  (Sep 23, 2014 to Sep 24, 2015)

11217A57B813A060AF912C2EFE9F51A75C3B  (Feb 12, 2015 to Sep 24, 2015)

0B256AE52C0F24B0011DF17AE6C07FC6  (Oct 05, 2014 to Sep 22, 2015)

* Note, the details and description above are based on the code signing digital signature issued to Kaydar LLC by GlobalSign nv-sa on September 29, 2014 with the serial number '1121fb2357192451d5b3ce70f91ab97b8beb'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.