» 1214.malware
Overview
Analysis
File Details

1214.malware

WindowNetworkManager

enliple Ltd.

The file 1214.malware by enliple has been detected as a potentially unwanted program by 23 anti-malware scanners.

File name:

1214.malware

Publisher:

enliple Ltd. (signed and verified)

Product:

WindowNetworkManager

Version:

7.06

MD5:

defd8bceae321ce2b221cfeb74e8b227

SHA-1:

4aa4416ec8319593d1ffb104c52907f4a256a09c

SHA-256:

bc328814e0da01115ba350bca28f77c43d0b9a2b42ff6836fdbcdbe51a6729b6

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:22:15 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Graftor

7.1.1

AhnLab V3 Security

PUP/Win32.WindowNM

2014.03.07

Avira AntiVirus

TR/Symmi.33014.33

7.11.135.48

AVG

VBCrypt

2015.0.3308

Bkav FE

W32.Clodb1e.Trojan

1.3.0.4959

Comodo Security

Application.Win32.AdWare.KRADDARE

17893

Dr.Web

BACKDOOR.Trojan

9.0.1.0301

ESET NOD32

Win32/AdWare.Kraddare.JC (variant)

8.9509

Fortinet FortiGate

Riskware/Kraddare

10/28/2014

IKARUS anti.virus

Worm.Win32.WBNA

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.176.11367

Kaspersky

Worm.Win32.WBNA

14.0.0.3034

Malwarebytes

Adware.Korad

v2014.10.28.03

McAfee

Artemis!DEFD8BCEAE32

5600.6964

NANO AntiVirus

Trojan.Win32.Graftor.cqthaf

0.28.0.58101

nProtect

Adware/W32.Agent.1191784

14.03.06.01

Qihoo 360 Security

Win32/Worm.8c3

1.0.0.1015

Reason Heuristics

PUP.enliple.L

14.10.28.3

Sophos

Generic PUA EK

4.98

Trend Micro House Call

TROJ_GEN.F47V1122

7.2.301

Vba32 AntiVirus

Worm.WBNA

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

27136

XVirus List

Win32.Detected

2.10.28

File size:

1.1 MB (1,191,784 bytes)

Product version:

7.06

Original file name:

WindowNetworkManager.exe

Digital Signature

Signed by:

enliple Ltd.

Authority:

Thawte, Inc.

Valid from:

6/26/2013 9:00:00 AM

Valid to:

6/27/2015 8:59:59 AM

Subject:

CN=enliple Ltd., OU=Internet Dept, O=enliple Ltd., L=Guro-gu, S=SEOUL, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

178A151BFE91D2CFD345640D3EE64736

File PE Metadata

Compilation timestamp:

11/22/2013 2:28:36 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:M/h64iPOoqbcAplU8mMS8bJhghDIzmpLNrBUdGOfZx:3OrcAplU8mMS8bAhEdGOf/

Entry address:

0x6A5C

Entry point:

68, 9C, 3C, 44, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, B3, DA, 05, 3E, 73, 14, B8, 41, 97, A6, A7, 44, 23, 0B, FB, 18, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 57, 69, 6E, 64, 6F, 77, 4E, 65, 74, 77, 6F, 72, 6B, 4D, 61, 6E, 61, 67, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 70, B5, A5, 21, CE, 02, 5A, B8, 43, A4, F3, DA, 5A, 1D, FD, D3, CB, 80, 34, D6, B8, 7E, 2B, 88, 4B, 83, 18, 35, F0, 15, 64, CE, A6, 3A, 4F, AD... 
[+]

Entropy:

5.9093

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

912 KB (933,888 bytes)

Remove 1214.malware - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.