hwidgen.exe

The executable hwidgen.exe has been detected as malware by 9 anti-virus scanners. This is a Trojan bot that uses IRC to communicate with a command and control network. The Trojan drops other malicious software, opens a backdoor on the infected computer, and runs automatically on each boot.

MD5:
151e71890e3a6cc687a25140cd4b52cd

SHA-1:
06c522655b57d6f7ef50c9df66b909c112da9a00

SHA-256:
95499543fb85bfae2fd63a0347d3ff56d3f94cb8810c3847a5b3c32fda2d6d08

Scanner detections:
9 / 68

Status:
Malware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
5/7/2024 8:19:34 PM UTC

Scan engine          Detection                                  Engine version
Avira AntiVirus      TR/Crypt.TPM.Gen                           8.3.3.4
avast!               Win32:Evo-gen [Susp]                       2014.9-170316
Baidu Antivirus      Win32.Trojan.WisdomEyes.16070401.9500      4.0.3.17316
Bkav FE              W32.HfsAutoB                               1.3.0.8876
ESET NOD32           Win32/Packed.Themida suspicious (variant)  11.15079
K7 AntiVirus         Trojan                                     13.10.4.22690
Qihoo 360 Security   HEUR/QVM19.1.0000.Malware.Gen              1.0.0.1120
Rising Antivirus     Malware.Heuristic!ET#96% (rdm+)            23.00.65.17314
VIPRE Antivirus      Backdoor.Win32.Ircbot.gen                  56612

File size:
1.2 MB (1,214,464 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
3/5/2017 1:43:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

Entry address:
0x335000

Entry point:
57, 89, E7, 53, BB, 04, 00, 00, 00, 81, C7, 18, 74, D6, 0B, 01, DF, 81, EF, 18, 74, D6, 0B, 5B, 83, EF, 04, 87, 3C, 24, 5C, 68, F9, 6C, 00, 00, 89, 14, 24, 89, 34, 24, 89, 04, 24, 68, C7, 15, 00, 00, 89, 04, 24, 89, 1C, 24, E8, 01, 00, 00, 00, CC, FF, 34, 24, 8B, 04, 24, 83, C4, 04, 83, C4, 04, 50, 81, 34, 24, FF, 10, 02, 78, 8B, 1C, 24, 57, 89, E7, 81, C7, 04, 00, 00, 00, 83, C7, 04, 87, 3C, 24, 5C, 81, F3, FF, 10, 02, 78, 57, BF, FF, FF, FF, FF, 05, 8E, 5D, 1A, 62, 29, F8, 2D, 8E, 5D, 1A, 62, 5F, 68, 45...

Entropy:
7.9446  (probably packed)

Code size:
3 KB (3,072 bytes)
