zeds dead - dead of winter mix.mp3.exe

Stepan Rybin

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application zeds dead - dead of winter mix.mp3.exe by Stepan Rybin has been detected as adware by 30 anti-malware scanners. The file has been seen being downloaded from dragonset.info and multiple other hosts.
Publisher:
Stepan Rybin (signed and verified)

MD5:
b4e4292cec6f4fe85c990fb927ba8eb1

SHA-1:
d674f18043173c5917fea81e254c8c778568ce3e

SHA-256:
7e3ce296992f1f1579cd50e9312671a2ad56618318b8bf7be5e8e6722317ede8

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
11/27/2024 12:51:05 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Mikey.7658 | 623
AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.03.14
Avira AntiVirus | PUA/MultiPlug.11245 | 7.11.217.16
avast! | Win32:MultiPlug-TP [PUP] | 2014.9-150522
AVG | Generic6 | 2016.0.3101
Bitdefender | Gen:Variant.Adware.Mikey.7658 | 1.0.20.710
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.MultiPlug.YTRA | 21400
Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.7658 | 8.15.05.22.07
ESET NOD32 | Win32/Adware.MultiPlug.ES (variant) | 9.11317
Fortinet FortiGate | Adware/MultiPlug | 5/22/2015
F-Prot | W32/S-d56eee43 | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Mikey | 11.2015-22-05_6
G Data | Gen:Variant.Adware.Mikey.7658 | 15.5.25
K7 AntiVirus | Unwanted-Program | 13.200.15259
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.2001
Malwarebytes | PUP.Optional.MultiPlug.A | v2015.05.22.07
McAfee | MultiPlug-FVQ | 5600.6757
MicroWorld eScan | Gen:Variant.Adware.Mikey.7658 | 16.0.0.426
NANO AntiVirus | Trojan.Win32.DownLoader12.dnxpoq | 0.30.0.296
Panda Antivirus | Trj/CI.A | 15.05.22.07
Qihoo 360 Security | Win32/Virus.Multi.0d0 | 1.0.0.1015
Reason Heuristics | PUP.WebPick.StepanRybin | 15.5.22.15
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15520
Sophos | MultiPlug | 4.98
Trend Micro House Call | TROJ_GEN.F0C2C00C615 | 7.2.142
Trend Micro | TROJ_GEN.F0C2C00C615 | 10.465.22
Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 38402
Zillya! Antivirus | Adware.MultiPlug.Win32.196621 | 2.0.0.2098

File size:
1.1 MB (1,118,920 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\zeds dead - dead of winter mix.mp3.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 4:37:40 AM

Valid to:
6/27/2015 4:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
11/11/2012 9:55:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:A+BzGkLJWB2lX6qYnsSMT/CePjBPbO0t3G6Je7ReWCSy8HdYzyo0/V9H:dBTNblXrVbT7rt3Q79HyONV

Entry address:
0xB5D99

Entry point:
E8, FE, 13, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, B3, 4F, 00, E8, 11, 19, 00, 00, E8, CB, 15, 00, 00, 0F, B7, F0, 6A, 02, E8, 91, 13, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 40, 03, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Entropy:
7.4157

Code size:
748 KB (765,952 bytes)

The file zeds dead - dead of winter mix.mp3.exe has been seen being distributed by the following 2 URLs.

Remove zeds dead - dead of winter mix.mp3.exe - Powered by Reason Core Security