home

iws.exe

iws

clickkorea Co.,Ltd.

The executable iws.exe has been detected as malware by 13 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
clickkorea Co.,Ltd.  (signed and verified)

Product:
iws

Version:
1.00

MD5:
da09a4d04b304295d8d575adf5f9684d

SHA-1:
c9e0ced61ab98c4dd8725dd9f0f5deddc74f7000

SHA-256:
d1e1593f55369d2845856412c4ec18f96b7f87cc38771c500bec508716a129c8

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/24/2024 10:03:24 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/Helper.WiseSearch.60552
2013.08.19

Avira AntiVirus
TR/Dldr.VB.PFP.2
7.11.97.40

AVG
Downloader.VB
2015.0.3581

Comodo Security
UnclassifiedMalware
16789

ESET NOD32
Win32/TrojanDownloader.VB.PFP
8.8701

Fortinet FortiGate
W32/VB.PFP!tr.dldr
1/28/2014

IKARUS anti.virus
Trojan-Downloader.VB
t3scan.2.0.127

McAfee
Artemis!DA09A4D04B30
5600.7237

MicroWorld eScan
Trojan-Downloader.VB
15.0.0.84

Panda Antivirus
Trj/CI.A
14.01.28.03

Trend Micro House Call
TROJ_DLDR.XTA
7.2.28

Trend Micro
TROJ_DLDR.XTA
10.465.28

VIPRE Antivirus
Trojan.Win32.Generic
20656

File size:
59.1 KB (60,552 bytes)

Product version:
1.00

Original file name:
iws.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\iws.exe

Digital Signature
Signed by:
clickkorea Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
10/15/2012 9:00:00 AM

Valid to:
10/16/2013 8:59:59 AM

Subject:
CN="clickkorea Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="clickkorea Co.,Ltd.", L=Bucheon-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5290A5E78AF6B45211D651C03064ECB3

File PE Metadata
Compilation timestamp:
12/3/2012 4:57:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:wjP7ePGG5ZguE7MKxQjk0H6xUmIrZMFPGLjP7BIILhY:wj7e+G5uuNzaWhdMF+Lj7ZdY

Entry address:
0x1468

Entry point:
68, 10, 3E, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 9A, 75, EC, CC, 61, AD, AB, 41, B6, AD, 53, 0E, D0, 70, 19, A0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, E0, 00, 00, 00, 00, 00, 69, 77, 73, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, A1, 84, EB, 87, 8F, 4D, 56, 4B, 82, 3A, 33, 7D, 52, 1E, 5E, 4A, B7, 8D, 6E, DB, 76, 7F, 7E, 4D, A7, 12, 7D, DB, 07, 12, 43, F5, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 
[+]

Entropy:
5.1079

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
32 KB (32,768 bytes)

Remove iws.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.