GridinSoft Threat Intelligence

$REP4X6O.exe threat report

Detected as PUP.uBar File reputation report

» File
File Details
Overview
Analysis

Status PUP.uBar

Identity 2f5b7eba5dbb1f13e1a9a3962587c6b0

Source GridinSoft ThreatInfo

MD5 2f5b7eba5dbb1f13e1a9a3962587c6b0

Latest seen 2021-02-01 14:20:27 (5 years ago)

First seen 2018-02-03 09:11:11 (8 years ago)

Size 2 MB

Publisher uBar

Product uBar

Signed by IP Iaroslavskii Anton Andreevich

Analyst brief

What this report says

GridinSoft Anti-Malware detects $REP4X6O.exe as PUP.uBar. The sample was last observed on 2021-02-01 14:20:27 (5 years ago) and reports publisher metadata associated with uBar / uBar.

This page combines the detection verdict with file identity, publisher metadata, alternate names, observed paths, geography, OS signals, and PE details so the report reads as a triage record rather than a standalone download page.

GridinSoft Anti-Malware detection

Detected by GridinSoft before you download

The current ThreatInfo record shows this exact file hash detected as PUP.uBar. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.

Detection name: PUP.uBar
Recommended action: Scan and remove
Last analysis: 2021-02-01 14:20:27 (5 years ago)
File hash: 2f5b7eba5dbb1f13e1a9a3962587c6b0

Download Anti-Malware

Why it matters

Why GridinSoft flags this file

Detection

GridinSoft identifies the sample as PUP.uBar.

Timeline

First seen 2018-02-03 09:11:11 (8 years ago); latest analysis 2021-02-01 14:20:27 (5 years ago).

Publisher context

Company metadata: uBar. Product metadata: uBar.

Digital signature

Signed by IP Iaroslavskii Anton Andreevich. The signature is reported as valid, but signed files can still be bundled or abused.

Aliases

This hash has appeared under multiple file names, which can happen with repackaging, bundling, or deliberate renaming.

Observed locations

ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.

Recommended action

What to do next

Compare the MD5 above with the file found on the device.
Check whether the file appears in the observed locations or under one of the alternate names.
Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.

File context

$REP4X6O.exe is a Windows file recorded in the ThreatInfo database. It is associated with uBar. The reported company name is uBar. The current detection status is PUP.uBar, based on the latest analysis from 2021-02-01 14:20:27 (5 years ago).

If $REP4X6O.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as PUP.uBar.

File Details

Main Info:

Product Name:	uBar
Company Name:	uBar
MD5:	2f5b7eba5dbb1f13e1a9a3962587c6b0
Size:	2 MB
First Published:	2018-02-03 09:11:11 (8 years ago)
Latest Published:	2021-02-01 14:20:27 (5 years ago)

Analysis:

Status:	PUP.uBar (on last analysis)
Analysis Date:	2021-02-01 14:20:27 (5 years ago)

Detection screenshot

The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.

Overview

Digital Signature

Signed By:	IP Iaroslavskii Anton Andreevich
Status:	Valid

The signature on $REP4X6O.exe is reported as valid. A valid signature helps confirm publisher identity, but it does not automatically make the file safe if the installer was bundled, abused, or downloaded from an untrusted source.

Common Places:

%profile%

%desktop%

%temp%

%sysdrive%\$recycle.bin

%desktop%\toshiba 19dl502b2

%sysdrive%\windows.old\$recycle.bin

%sysdrive%\system volume information\_restore{814582d6-4152-4128-b2f0-0ef2c48ad526}

%sysdrive%\asrock\backup set 2017-12-01 190002\backup files 2018-02-01 190002\backup files 15.zip\c\users\antony

%sysdrive%\user

%sysdrive%

ThreatInfo has observed $REP4X6O.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.

File Names:

58 observed names

Microsoft_office_2010_Standard-130221.exe The_Witcher-80496.exe tweaking.com_windows_repair_aio_setup.exe-54070.exe Reg.Org_8.05_serial.rar-439434.exe Winamp_5.666-470153.exe PCHunter_free.zip-146342.exe Dino_Crisis_1_and_2_Playstation-218261.exe Ravenfield_Build_7-217326.exe V-Ray_3.40.03_for_3ds_Max_2015-2017.zip-123975.exe Gamm.3.0.83_key.rar-36296.exe hddregen_tabletka-129342.exe SHunter4.rar-30094.exe S.T.A.L.K.E.R_Shadow_Of_Chernobyl_-_Lost_World_Requital.torrent-65581.exe S.T.A.L.K.E.R.-Shadow-of-Chernobyl.torrent-66400.exe antimm_3.rar-29224.exe vegas14-252_patch-129975.exe Dope_Pack_DrumKit-361812.exe privacy-eraser-330-key-patch-145434.exe $RG3NFE4.exe firmware_Haier_W818-17497 (1).exe firmware_Haier_W818-17497.exe Extreme_Injector_v3.6_-_65_B_4_O_G8B_2-471060.exe aida64extreme5_key_rus.rar-32958.exe Adobe_Photoshop_CC_Final-445957.exe Trojan_Killer-46036.exe Rusik_My_Summer_Car_v23.02.2018-223244.exe winamp5666_full_all.exe-501193 (1).exe WinRAR-241411.exe winamp5666_full_all.exe-501193.exe $R0ENWL0.exe A0173520.exe A0173521.exe torrent-111382.exe Word-16456.exe GTA_Vice_City_Deluxe-8999 (1).exe NHL_15-201826.exe setfsb_2_3_178_134.zip-149525.exe OemKey-446952.exe Uskoritel_komputera3.0.rar-29872.exe kdfe-22981.exe PowerPoint_template-117247.exe Hamachi-19857.exe GarenaTotal-153141.exe Garena_Install-152765.exe Stamp0.85.zip-148355.exe Dig_or_Die_v0.34_Build_608-164091.exe Dig_or_Die_v0.34_Build_608-164091 (1).exe PIDKey_Lite-446885.exe Airline_Tycoon_2-347593 (1).exe KOMPAS-3D_V16_x64.rar-148426.exe Adobe_Photoshop_CS6-167.exe Movavi_Video_Converter_18.1.2.rar-498333.exe Space_Engineers_v1.186.029-284154.exe Hamachi-19857 (1).exe Klyuchi_kis-171541.exe Chipset_AMD_Win81_64_VER1315212000.zip-496737.exe Heroes_of_Might_and_Magic_3.58f_In_The_Wake_Of_Gods_(2004)_PC-48027.exe $REP4X6O.exe

This hash has been seen with multiple file names. Alternate names can appear when software is updated, copied between folders, packed by an installer, or deliberately renamed to avoid recognition. Compare the exact MD5 above before assuming two names refer to the same file.

Geographic signal

Observed country distribution

ThreatInfo has seen $REP4X6O.exe across 13 countries. Use this signal to compare local evidence with where the sample is most often reported.

Top country Russian Federation

Share 71.1%

Low High activity

Top observed countries

71.1%

8.9%

3.3%

2.2%

The strongest geographic signal for this file is Russian Federation with 71.1% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.

OS Version:

Windows 7 44.0%

Windows 10 41.8%

Windows 8.1 9.9%

Windows XP 2.2%

Windows Vista 1.1%

Windows 8 1.1%

The most common operating system signal for $REP4X6O.exe is Windows 7 with 44.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.

Analysis

PE Info:

$REP4X6O.exe is identified as pe for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.

Format pe

Architecture 32-bit

Subsystem Windows GUI

Entry point 0x007fbd20

Image base 0x00400000

PE Sections:

Sections 3

Raw data 2628096

Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.

UPX0 0 bytes · 0.0% of section data

Packer marker Uncommon name

MD5 00000000000000000000000000000000

UPX1 2588672 bytes · 98.5% of section data

Packer marker Uncommon name

MD5 723a4de53a663cb4c2b732824680f07f

.rsrc 39424 bytes · 1.5% of section data

MD5 a91cb3583bc17cd4da1d10178bdb617a

PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.

Report conclusion

GridinSoft detects this file as PUP.uBar

This report identifies $REP4X6O.exe by MD5 2f5b7eba5dbb1f13e1a9a3962587c6b0. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.

Download GridinSoft Anti-Malware Scan the device and confirm whether this exact hash is present. Check this hash on VirusTotal

Recommended next steps

Compare the local file MD5 with 2f5b7eba5dbb1f13e1a9a3962587c6b0.
Check the file path, publisher, and signature against the details in this report.
Run a GridinSoft scan and remove the object if the same hash is found.