dailywiki.exe

DailyWiki

The executable dailywiki.exe has been detected as malware by 1 anti-virus scanner. It is set to run automatically, under the name ‘DailyWiki’, whenever any user logs into Windows (through the local user Run registry setting). While running, it connects to the Internet address a-0001.a-msedge.net on port 80 using the HTTP protocol.
Publisher:
DailyWiki  (signed and verified)

MD5:
2ef3b1ed52ca2537a34626c0c912ae22

SHA-1:
df320cc720f906292e65d9a7685e57e022c4d0d8

SHA-256:
67790a01d6c45a50032a7f2121375b2400166cf0b9457f41545273230a7a001c

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/13/2017 2:41:49 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.1.16

File size:
45.6 MB (47,826,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 12:16:51 PM

Valid to:
9/16/2025 12:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 4:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:luK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQpBtd:owC64r1c6ZgnUSrLpbUAdBUQq6/BLF7d

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to r-199-59-150-10.twttr.com  (199.59.150.10:443)

TCP (HTTP):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:80)

TCP (HTTP SSL):
Connects to a23-13-224-207.deploy.static.akamaitechnologies.com  (23.13.224.207:443)

TCP (HTTP SSL):
Connects to a104-119-136-194.deploy.static.akamaitechnologies.com  (104.119.136.194:443)

TCP (HTTP SSL):
Connects to a104-119-132-51.deploy.static.akamaitechnologies.com  (104.119.132.51:443)

TCP (HTTP):
Connects to a104-119-104-165.deploy.static.akamaitechnologies.com  (104.119.104.165:80)

TCP (HTTP):
Connects to pages-wildcard.weebly.com  (199.34.228.53:80)

TCP (HTTP SSL):
Connects to m-prd-umpxl-adcom-mtc-b.evip.aol.com  (149.174.28.143:443)

TCP (HTTP SSL):
Connects to m-prd-req-adcom-mtc-b.evip.aol.com  (149.174.28.138:443)

TCP (HTTP SSL):
Connects to m-prd-pxl-shared-mr1-blue-b.evip.aol.com  (152.163.51.2:443)

TCP (HTTP SSL):
Connects to at.amdgt.com  (207.171.14.211:443)

TCP (HTTP SSL):
Connects to a92-123-180-75.deploy.akamaitechnologies.com  (92.123.180.75:443)

TCP (HTTP SSL):
Connects to a92-123-180-194.deploy.akamaitechnologies.com  (92.123.180.194:443)

TCP (HTTP SSL):
Connects to a92-123-180-179.deploy.akamaitechnologies.com  (92.123.180.179:443)

TCP (HTTP SSL):
Connects to a92-123-180-178.deploy.akamaitechnologies.com  (92.123.180.178:443)

TCP (HTTP SSL):
Connects to a104-94-32-34.deploy.static.akamaitechnologies.com  (104.94.32.34:443)

TCP (HTTP):
Connects to a104-64-68-122.deploy.static.akamaitechnologies.com  (104.64.68.122:80)

TCP (HTTP SSL):
Connects to a104-119-112-139.deploy.static.akamaitechnologies.com  (104.119.112.139:443)

TCP (HTTP SSL):
Connects to a104-119-104-169.deploy.static.akamaitechnologies.com  (104.119.104.169:443)

Remove dailywiki.exe - Powered by Reason Core Security