home

net1.exe

Application Manager

Yury Saprykin

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Wipe Maintance’. The file has been seen being downloaded from files.filepuma.com and multiple other hosts.
Publisher:
Yury Saprykin  (signed and verified)

Product:
Application Manager

Version:
1.25.0.0

MD5:
8cfa266c5719232de830591f7b0ae8f2

SHA-1:
0ba38a0a9a83a19903d1e1bb6832d73aaf4054da

SHA-256:
a352a6ca6a507f32220565c78f8e370b3336f4c10091edd71ca2d4677f7c067f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 10:16:53 PM UTC  (today)

File size:
477.3 KB (488,776 bytes)

Product version:
1.25.0.0

Original file name:
net1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\net1-wipe\net1.exe

Digital Signature
Signed by:
Yury Saprykin

Authority:
COMODO CA Limited

Valid from:
4/10/2013 5:00:00 PM

Valid to:
4/11/2014 4:59:59 PM

Subject:
CN=Yury Saprykin, O=Yury Saprykin, STREET=Prospekt Revolucii 25, L=Voronez, S=Voronezhskaya oblast, PostalCode=394000, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009A364D2944DD647DA966F20AA921DE34

File PE Metadata
Compilation timestamp:
12/19/2013 2:08:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:yK8iLTNfkS+G1Wov+jLBSlVlAK8mKUlic:18iL+SHKo

Entry address:
0x6C14E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.0142

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
424.5 KB (434,688 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wipe Maintance

Command:
"C:\Program Files\net1-wipe\net1.exe" windowsstartup


The file net1.exe has been discovered within the following programs.

Wipe  by PrivacyRoot.com
Publisher's description - “This powerful program can remove a lot of gigabytes of garbage on your computer and recover many free disk space. In addition, it will protect your privacy on the Internet - it removes records about personal activity on PC.”
privacyroot.com/software/tosite.pl?to=site&pcid=NET1ac433c64406dc0bcd2045a870f0ddb5d&language=ar&scn=wipe&affiliate=&pcidc=1
About 1% of users remove it
 
Powered by Should I Remove It?

The file net1.exe has been seen being distributed by the following 6 URLs.

http://files.filepuma.com/files/security-and-firewalls/.../Wipe_v2014.03.exe

http://www.filepuma.com/down/1392685663c5194/wipe_2014.03/.../0/

http://www.filepuma.com/file/1392685663c5194/wipe_2014.03/.../0/

http://wipe12.software.informer.com/.../

http://download.informer.com/.../setup_wipe.exe

http://privacyroot.com/software/.../setup_wipe.exe

Scan net1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.