{d041c2c7-0aec-4f79-b837-4ccbdb4ad7f1}

WebAppTech Coding LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the normal behavior of the browser, and change the computer’s system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The file {d041c2c7-0aec-4f79-b837-4ccbdb4ad7f1} by WebAppTech Coding has been detected as adware by 18 anti-malware scanners.
Publisher:
WebAppTech Coding LLC  (signed and verified)

MD5:
084e7882c809df4c05e65f43ce8b0daa

SHA-1:
59e45088a82220464740553557b37e073ee8b99c

SHA-256:
2810d02cee44c1bdfe303833e3158634630ad93436a49a76657359369b0404da

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/18/2024 5:44:58 AM UTC

Scan engine         Detection                         Engine version
Agnitum Outpost     PUA.PullUpdate                    7.1.1
Avira AntiVirus     ADWARE/Adware.Gen                 7.11.176.88
AVG                 Generic                           2015.0.3331
Comodo Security     ApplicUnwnt                       19685
ESET NOD32          MSIL/Adware.PullUpdate (variant)  8.10501
Fortinet FortiGate  Adware/SaMon                      10/5/2014
IKARUS anti.virus   AdWare.SaMon                      t3scan.1.7.8.0
K7 AntiVirus        Unwanted-Program                  13.183.13550
Kaspersky           not-a-virus:AdWare.Win32.SaMon    14.0.0.3149
Malwarebytes        PUP.Optional.SearchDonkey.A       v2014.10.05.03
McAfee              Artemis!084E7882C809              5600.6987
NANO AntiVirus      Riskware.Win32.PullUpdate.cwiqgd  0.28.2.62440
Panda Antivirus     Trj/Chgt.A                        14.10.05.03
Quick Heal          AdWare.SaMon.g5 (Not a Virus)     10.14.14.00
Reason Heuristics   PUP.WebAppTechCoding.g            14.10.5.3
Sophos              Pull Update                       4.98
VIPRE Antivirus     Injekt                            33612
Zillya! Antivirus   Adware.SaMon.Win32.7              2.0.0.1941

File size:
1.1 MB (1,161,080 bytes)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/24/2013 5:30:00 AM

Valid to:
12/25/2014 5:29:59 AM

Subject:
CN=WebAppTech Coding LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WebAppTech Coding LLC, L=Grandville, S=Michigan, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A6411A4888DF6223DF9C572F9BE2E96

File PE Metadata
Compilation timestamp:
3/21/2014 5:29:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:O82Zzi0VdMJB6NxopGWjPCtnjDwk7zkOYU9HXVIi9JI9TmrHE:I7VuJMNepEwk7zhYU9HXt90TWE

Entry address:
0xACEA4

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E2, D2, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 94, 30, 11, 10, 00, 74, 05, E9, 35, D3, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...

Entropy:
6.2578

Code size:
805.5 KB (824,832 bytes)
