dwh4a8a.exe

Fly Elise-ng

Publisher:
Fly Elise-ng  (signed and verified)

MD5:
1a85c0c02c460ea16dd2a60b84e1861c

SHA-1:
35b8b8583263f700e408d530258fea3f9e7e7cbf

SHA-256:
5eabebb99c3be85b1c54ad2927efd607ac3ade9467e748481ee454161ec1310c

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/23/2024 11:34:57 PM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Packed.Enigma.AAA (variant)
9.9920

Fortinet FortiGate
PossibleThreat
3/11/2015

IKARUS anti.virus
Virus.Win32.Vundo
t3scan.1.6.1.0

Panda Antivirus
Trj/Thed.E
15.03.11.09

Qihoo 360 Security
Win32/Trojan.406
1.0.0.1015

File size:
2.9 MB (3,086,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\dwh4a8a.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/18/2013 12:00:00 AM

Valid to:
2/18/2015 11:59:59 PM

Subject:
CN=Fly Elise-ng, O=Fly Elise-ng, STREET=Grasstrook 24, L=Eindhoven, S=Noord-Brabant, PostalCode=5658 HG, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
028EC5E313569430CBC13EFE3F4BA406

File PE Metadata
Compilation timestamp:
5/24/2013 10:09:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:SS+RvARgYWsftXhfFg6lyb+tEss/K0P/T+c9AxyH8CBM+5jyaKbJ2wwiOBv6xbMK:S/IRFvFgzWs/f79P1BMgjyaKbYwwiOBs

Entry address:
0x19A47

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, A1, 44, 7E, 00, 73, 5A, 78, E9, A4, 32, 46, 1E, 96, 88, F8, 98, 66, AD, 45, 99, A2, 44, 0D, 11, 36, 85, 99, 54, E5, 85, 52, 32, 13, 7E, 86, 46, E4, 49, 1B, 97, 3B, F5, 24, AA, 59, 76, 20, 26, 67, 68, 76, AB, 36, 8E, 10, FC, B0, A1, 6D, 35, 93, 86, 5F, 3F, 38, DF, E5, DD, B3, 9D, 22, 26, E9, 31, 95, 07, 6C, 7F, A8, 7E, 9A, 1D, 31, 4E, 61, 5B, 42, 5C, 60, 6A, EB, 09, A4, F5, 53, 7B, EE, 20, AD, 0D, 2E, A6, 30, 28...
 

Entropy:
7.9800

Developed / compiled with:
Microsoft Visual C++

Code size:
2.9 MB (3,067,904 bytes)

Scan dwh4a8a.exe - Powered by Reason Core Security