home

net1.exe

Application Manager

Yury Saprykin

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Wipe Maintance’. The file has been seen being downloaded from privacyroot.com and multiple other hosts.
Publisher:
Yury Saprykin  (signed and verified)

Product:
Application Manager

Version:
1.28.0.0

MD5:
8eda1872ee99fb2eabbc0864bd6ea32d

SHA-1:
632c303e4b5142f58d610a84dafc65b7e75b29f5

SHA-256:
6d32cb7c55a52a9249c6e299bc98803a279ec0a157e414a327ed5c57eb1a9a1b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 12:33:39 AM UTC  (today)

File size:
479.3 KB (490,808 bytes)

Product version:
1.28.0.0

Original file name:
net1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\net1-wipe\net1.exe

Digital Signature
Signed by:
Yury Saprykin

Authority:
COMODO CA Limited

Valid from:
3/13/2014 1:00:00 PM

Valid to:
3/13/2017 12:59:59 PM

Subject:
CN=Yury Saprykin, O=Yury Saprykin, STREET=Prospekt Revolucii 25, L=Voronezh, S=VO, PostalCode=394000, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C71956DD75CB37084C7A30D3E4519F3E

File PE Metadata
Compilation timestamp:
5/20/2014 10:37:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:UK8iLTNfkS+G1Wov+jLBSlVlAKg8/Blig:n8iL+S4Q

Entry address:
0x6C90E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.0126

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
426.5 KB (436,736 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Wipe Maintance

Command:
"C:\Program Files\net1-wipe\net1.exe" windowsstartup


The file net1.exe has been discovered within the following programs.

Wipe  by PrivacyRoot.com
Publisher's description - “This powerful program can remove a lot of gigabytes of garbage on your computer and recover many free disk space. In addition, it will protect your privacy on the Internet - it removes records about personal activity on PC.”
privacyroot.com/software/tosite.pl?to=site&pcid=NET1ac433c64406dc0bcd2045a870f0ddb5d&language=ar&scn=wipe&affiliate=&pcidc=1
About 1% of users remove it
 
Powered by Should I Remove It?

The file net1.exe has been seen being distributed by the following 2 URLs.

http://privacyroot.com/software/.../setup_wipe.exe

http://down.filepuma.com/files/security-and-firewalls/.../Wipe_v2014.09.exe

Scan net1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.