home

i.wecan-software.com

Domain Information

Server location:
Washington, United States (US)

ASN:
AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:
wecan-software.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.LocalWeather.Z, PUP.SuperDownloads.F, PUP.Installer.Iminent.H, PUP.Installer.LocalWeather.F, PUP.FastFreeInstall.L
100.00%

Trend Micro House Call
TROJ_GEN.F47V1203, TROJ_GEN.F47V0122, Suspicious_GEN.F47V0828, TROJ_GE.6E5867BF, Suspicious_GEN.F47V0805, Suspicious_GEN.F47V1029
75.00%

VIPRE Antivirus
Wajam, Rocketfuel Installer, Threat.4120919
75.00%

Malwarebytes
PUP.Optional.Wajam, PUP.Optional.Iminent.A, PUP.Optional.StormWatch.A, PUP.Optional.Linkey.A
62.50%

Dr.Web
Adware.Searcher.2542, Threat.Undefined, Adware.Toolbar.246
37.50%

McAfee
Artemis!CDC339910694, SearchSuite
25.00%

Norman
Downloader, Virut.CLHZ
25.00%

ESET NOD32
Win32/Wajam, Win32/Toolbar.SearchSuite (variant)
25.00%

Zillya! Antivirus
Trojan.Win32.1DB12147, Adware.SearchSuite.Win64.549
25.00%

F-Prot
W32/A-77a4fa28, W32/SearchSuite.A.gen
25.00%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen, Virus.Virut.06
25.00%

Qihoo 360 Security
HEUR/Malware.QVM06.Gen, Win32/Virus.WebToolbar.d3d
25.00%

MicroWorld eScan
Trojan.Generic.11959248, Win32.Virtob.Gen.12
25.00%

nProtect
Trojan.Generic.11959248, Virus/W32.Virut.Gen
25.00%

Bitdefender
Trojan.Generic.11959248, Win32.Virtob.Gen.12
25.00%

The domain i.wecan-software.com has been seen to resolve to the following 38 IP addresses.

52.84.125.146
server-52-84-125-146.iad16.r.cloudfront.net
June 28, 2016

52.84.125.32
server-52-84-125-32.iad16.r.cloudfront.net
June 28, 2016

52.84.125.18
server-52-84-125-18.iad16.r.cloudfront.net
June 28, 2016

52.84.125.236
server-52-84-125-236.iad16.r.cloudfront.net
June 28, 2016

52.84.125.211
server-52-84-125-211.iad16.r.cloudfront.net
June 28, 2016

52.84.125.177
server-52-84-125-177.iad16.r.cloudfront.net
June 28, 2016

52.85.131.124
server-52-85-131-124.iad53.r.cloudfront.net
June 6, 2016

52.85.131.111
server-52-85-131-111.iad53.r.cloudfront.net
June 6, 2016

52.85.131.106
server-52-85-131-106.iad53.r.cloudfront.net
June 6, 2016

52.85.131.80
server-52-85-131-80.iad53.r.cloudfront.net
June 6, 2016

52.85.131.45
server-52-85-131-45.iad53.r.cloudfront.net
June 6, 2016

52.85.131.173
server-52-85-131-173.iad53.r.cloudfront.net
June 6, 2016

52.85.131.144
server-52-85-131-144.iad53.r.cloudfront.net
June 6, 2016

52.85.131.131
server-52-85-131-131.iad53.r.cloudfront.net
June 6, 2016

52.85.142.224
server-52-85-142-224.iad12.r.cloudfront.net
May 27, 2016

52.85.142.170
server-52-85-142-170.iad12.r.cloudfront.net
May 27, 2016

52.85.142.95
server-52-85-142-95.iad12.r.cloudfront.net
May 27, 2016

52.85.142.73
server-52-85-142-73.iad12.r.cloudfront.net
May 27, 2016

52.85.142.70
server-52-85-142-70.iad12.r.cloudfront.net
May 27, 2016

52.85.142.52
server-52-85-142-52.iad12.r.cloudfront.net
May 27, 2016

52.85.142.46
server-52-85-142-46.iad12.r.cloudfront.net
May 27, 2016

52.85.142.12
server-52-85-142-12.iad12.r.cloudfront.net
May 27, 2016

52.84.125.217
server-52-84-125-217.iad16.r.cloudfront.net
May 16, 2016

52.84.125.162
server-52-84-125-162.iad16.r.cloudfront.net
May 16, 2016

52.84.125.135
server-52-84-125-135.iad16.r.cloudfront.net
May 16, 2016

52.84.125.96
server-52-84-125-96.iad16.r.cloudfront.net
May 16, 2016

52.84.125.85
server-52-84-125-85.iad16.r.cloudfront.net
May 16, 2016

52.84.125.51
server-52-84-125-51.iad16.r.cloudfront.net
May 16, 2016

52.84.125.234
server-52-84-125-234.iad16.r.cloudfront.net
May 16, 2016

52.84.125.232
server-52-84-125-232.iad16.r.cloudfront.net
May 16, 2016

 
Showing 30 of 38 IP Addresses

File downloads found at URLs served by i.wecan-software.com.

4 / 68      (PUP)
http://i.wecan-software.com/inst/software/84D018F4-FBB4-4B41-BAD1-BBB14605F052/.../Setup.exe  (391954d046a69618d7c0dc28d43faa20)

3 / 68      (Adware)
http://i.wecan-software.com/inst/software/1B7DC43F-EB3D-4632-9998-B29D1443A8EA/.../Setup.exe  (4766a97eca7e657d3414c107fedc5cc6)

2 / 68      (Adware)
http://i.wecan-software.com/inst/software/E32D8642-64BA-4503-A2FB-D1A7DABC2D2F/.../DesktopWeatherAlertsSetup.exe  (ac1e1fe274c2ba03427c4003c196d7f9)

8 / 68      (Adware)
http://i.wecan-software.com/inst/software/58469E13-5DA8-4677-8D99-59C645547170/.../wajam_download.exe  (wajam.exe)

3 / 68      (Adware)
http://i.wecan-software.com/inst/software/1B7DC43F-EB3D-4632-9998-B29D1443A8EA/.../Setup.exe  (5aa07bc79c99a89f2740114ddcda2423)

2 / 68      (PUP)
http://i.wecan-software.com/inst/software/B4370218-A177-4FB6-9440-0CAD870E6C31/.../Iminent.exe  (123774b7321b119e49c8a2740fd5eec5)

37 / 68    (Adware)
http://i.wecan-software.com/inst/software/D933CCEB-B2B6-4823-A61F-48B49785D3D3/.../SettingsManagerSetup.exe  (0fbc3afa675b4cfded4b4a455b27b45e)

17 / 68    (Adware)
http://i.wecan-software.com/inst/software/58469E13-5DA8-4677-8D99-59C645547170/.../WIE_2.15.2.5.exe  (wxkeg45p.4r3.exe)

The following 39 files have been seen to comunicate with i.wecan-software.com in live environments.

TCP » 52.85.142.224:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.146:443
browserairexec.exe (BrowserAir by Goobzo)

TCP » 52.84.125.211:443
clearscreenplayerbrowser.exe

TCP » 52.84.125.18:80
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.162:80
browser.exe (speed browser by Smart Applications)

TCP » 52.84.125.85:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.84.125.18:80
bobrowser.exe (BoBrowser by The BoBrowser Authors)

TCP » 52.84.125.211:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.142.70:443
clearscreenplayerbrowser.exe

TCP » 52.84.125.234:443
UCBrowser.exe (UC Browser by UCWeb)

TCP » 52.85.131.106:443
rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.84.125.146:443
UCBrowser.exe (by UCWeb)

TCP » 52.84.125.96:80
clearscreenplayerbrowser.exe

TCP » 52.85.142.12:443
browser.exe (Browser)

TCP » 52.85.142.46:443
browser.exe (Browser)

TCP » 52.85.142.12:443
online-guardian-v2.0.9.exe

TCP » 52.85.142.12:80
new_chrome.exe (1stBrowser by The 1stBrowser Authors)

TCP » 52.85.142.46:80
GPlayer.exe (by Exent Technologies)

TCP » 52.85.142.70:443
citrio.exe (Citrio by CatalinaGroup)

TCP » 52.85.142.46:443
whatsapptime.exe

 
Latest 20 of 90 files

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.