dailywiki.exe

DailyWiki

The application dailywiki.exe by DailyWiki has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyWiki’. This file is typically installed with the program DailyWiki - DailyWiki for Desktop by DailyWiki.
Publisher:
DailyWiki  (signed and verified)

MD5:
ea9c8d601624b7909bc23e601f6efe96

SHA-1:
3e3a4c86f5f41742c9e3103d30702e246ccd3a99

SHA-256:
0492a53b7abc2ceb454fb05447a324634ef318899689891f32508b466f5730f3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:28:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DailyWik (M)

Engine version:
16.6.30.20

File size:
47.9 MB (50,242,256 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 12:16:51 PM

Valid to:
9/16/2025 12:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 4:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:SuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQpYnK4S:TwC64r1c6ZgnUSrLpbUAdBUQq6/BLFYI

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The file dailywiki.exe has been discovered within the following program.

About 4% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

