dailywiki.exe

DailyWiki

The executable dailywiki.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyWiki’. This file is typically installed with the program DailyWiki - DailyWiki for Desktop by DailyWiki. While running, it connects to the Internet address 16.45.211.130.bc.googleusercontent.com on port 443.
Publisher:
DailyWiki  (signed and verified)

MD5:
da22ab1f75ea2ce393a84ffd73e6a4e4

SHA-1:
e64b4a027c6429fac5b8de431136e1f05321bd78

SHA-256:
5300ae0ac2ceda243ef1d023d95e94d5804dd9bf2078f9bc50c979ba409a08c6

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
10/31/2024 11:02:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.31.13

File size:
47.9 MB (50,242,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 3:46:51 PM

Valid to:
9/16/2025 3:46:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 9:13:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:8uK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQpH3sII:hwC64r1c6ZgnUSrLpbUAdBUQq6/BLFHc

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.9677

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The file dailywiki.exe has been discovered within the following program.

About 4% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

