lightning.exe

WebDevAZ Inc

The application lightning.exe by WebDevAZ Inc has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is part of RelevantKnowledge, a program that is typically installed via a software bundle (with the user's knowledge, should they read the EULA) and that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile. The file has been seen being downloaded from www.windows7screensavers.net.
Publisher:
WebDevAZ Inc  (signed and verified)

MD5:
967421c8074ace7ab24b772f2adb818e

SHA-1:
64aabe16f836b39fe2cf456d50620e213c52d7e0

SHA-256:
19626a1ba396f62f0ddd55fdfc9e70dba0315318a6ac5674b687c471928a7f15

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 3:03:47 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Adware/Relevant.261328 | 2013.01.18 |
| Avira AntiVirus | SPR/Tool.ThemeXP.5 | 7.11.57.180 |
| avast! | NSIS:Adware-ED [PUP] | 2014.9-141225 |
| Dr.Web | Adware.WebDevAz.3 | 9.0.1.0359 |
| Emsisoft Anti-Malware | Riskware.Win32.RelevantKnowledge.AMN | 8.14.12.25.04 |
| ESET NOD32 | Win32/Adware.RK | 8.7904 |
| Fortinet FortiGate | Riskware/RK | 12/25/2014 |
| McAfee | Artemis!967421C8074A | 5600.6905 |
| Microsoft Security Essentials | SoftwareBundler:Win32/ThemeXP | 1.163.1557.0 |
| MicroWorld eScan | NSIS:Adware-ED [PUP] | 15.0.0.1077 |
| Norman | W32/WebDevAz.AAJ | 11.20141225 |
| Panda Antivirus | Generic Malware | 14.12.25.04 |
| Reason Heuristics | PUP.WebDevAZ.J | 14.12.25.16 |
| Trend Micro House Call | TROJ_GEN.RCBH1A2 | 7.2.359 |
| VIPRE Antivirus | Trojan.Win32.Generic | 15070 |

File size:
255.2 KB (261,328 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\lightning.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/30/2012 7:27:49 PM

Valid to:
1/7/2013 11:18:52 AM

Subject:
E=support@webdevaz.com, CN=WebDevAZ Inc, O=WebDevAZ Inc, L=Arizona, S=AZ, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FC34070781BBAC3D84DDEF3515EB5EFD

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:KQqmBv0cHaJKN2ja89jSiid7KYy8UGVhClB+D:FnHNNp8FSNd7KYTiID

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9256

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file lightning.exe has been seen being distributed by the following URL.
