4c500afaf8.exe

Wsys Control

Hefei Feiqiu Info Tech Ltd

The application 4c500afaf8.exe, “Wsys Control 10.2.1.2652” by Hefei Feiqiu Info Tech has been detected as adware by 24 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
Wsys Co., Ltd.  (signed by Hefei Feiqiu Info Tech Ltd)

Product:
Wsys Control

Description:
Wsys Control 10.2.1.2652

Version:
10.2.1.2652

MD5:
97a1b2c9f75ad1e47264779240c90090

SHA-1:
f7910db30eed14b2040edee82e119422f8cdd235

SHA-256:
7703b301d54e1c29c635f35425fcf26f8d4c3b5b2b774be6b4746c02dfd6a6f0

Scanner detections:
24 / 68

Status:
Adware

Analysis date:
4/25/2024 11:40:08 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Wysotot | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.01.05 |
| Avira AntiVirus | Adware/ELEX.W | 7.11.123.138 |
| AVG | Generic35 | 2014.0.3618 |
| Baidu Antivirus | Adware.Win32.Elex | 4.0.3.131221 |
| Bkav FE | HW32.CDB | 1.3.0.4613 |
| Comodo Security | Application.Win32.ELEX.~A | 17555 |
| ESET NOD32 | Win32/ELEX (variant) | 7.9252 |
| Fortinet FortiGate | W32/VMProtBad.A!tr | 12/21/2013 |
| IKARUS anti.virus | Trojan.Win32.Wysotot | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.10735 |
| Kaspersky | Trojan.Win32.Agentb | 14.0.0.4570 |
| Malwarebytes | PUP.Optional.Wsys.A | v2013.12.21.10 |
| McAfee | Trojan-FDFA!97A1B2C9F75A | 5600.7274 |
| Microsoft Security Essentials | Trojan:Win32/Wysotot.A | 1.165.247.01 |
| Norman | Troj_Generic.QOKNX | 11.20131221 |
| Quick Heal | Trojan.Wysotot | 12.13.12.00 |
| Reason Heuristics | PUP.HefeiFeiqiuInfoTech.K | 14.8.7.21 |
| Sophos | Mal/VMProtBad-A | 4.96 |
| Trend Micro House Call | TROJ_STASER.AB | 7.2.355 |
| Trend Micro | TROJ_STASER.AB | 10.465.21 |
| Vba32 AntiVirus | AdWare.WinLNK.Clicker | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25102 |
| ViRobot | Adware.Agent.1706100 | 2011.4.7.4223 |

File size:
1.6 MB (1,706,100 bytes)

Product version:
10.2.1.2652

Copyright:
Copyright (C) 2013

Original file name:
Wsys.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\6364e335e2d44c65827924b9512d05ea\4c500afaf8.exe

Digital Signature
Subject:
CN=Hefei Feiqiu Info Tech Ltd, O=Hefei Feiqiu Info Tech Ltd, L=Hefei, S=Anhui, C=CN

Serial number:
1121A8F6A7632C724D88736384B606088061

File PE Metadata
Compilation timestamp:
10/8/2013 12:45:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:oX9xZP8h7sbnOXfHfcrlwulWg5R7jdcgQ17uIjjy2lrV/7kaRBpED:4EhqMwGufDcgQkIiYZj3RPu

Entry address:
0x1E83E8

Entry point:
E8, 32, E6, FF, FF, 22, 2E, 8A, D1, A9, FE, 86, 4F, AC, AC, B3, 24, A8, B0, 98, 20, 50, B0, 48, 58, 4C, 70, DF, 12, D7, D6, 7E, BD, 37, 40, BF, 78, 90, DB, 10, A9, 76, 3C, 1A, 7C, 53, 22, D7, 56, FE, EF, 90, FD, 5C, 34, 9E, 36, 39, F9, 78, 99, F2, 5F, 9F, 04, 25, D2, B0, 90, 39, 44, 7C, 0D, 63, A3, 51, C0, FA, 31, B6, 42, E3, 17, FB, EF, 14, 13, 9C, 97, 16, 17, A3, C5, 35, DE, 46, 72, 99, 90, 98, 7A, 72, C0, 16, 4C, 9B, C6, A6, DD, 04, BB, 16, AD, 20, FF, 8E, 51, 83, 33, 2E, 5D, 5E, 0F, B1, ED, C6, 23, 81...
 

Entropy:
7.9970  (probably packed)

Code size:
235 KB (240,640 bytes)
