searchresults_document_ready.exe

Publisher:
WEBPIC DESENVOLVIMENTO DE SOFTWARE LTDA

The executable searchresults_document_ready.exe has been detected as malware by 25 of the 68 anti-virus scanners consulted; the family names assigned (Banker, Spy.Banker, PWS.Banker) classify it as a credential-stealing banking trojan. It is set to start automatically whenever the user logs into Windows, via the current user's Run key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the value name 'searchresults_document_ready', launching from a folder named 'wowsys32' placed directly under the user's AppData directory. The file carries an Authenticode signature issued by COMODO Code Signing CA 2 to a Brazilian software company (see Digital Signature below); whether that certificate has since been revoked is not recorded on this page, so a signature that still validates should not be taken as evidence of legitimacy.

MD5:
eac06fe8ddb01922eccc958396f1e525

SHA-1:
fab69db9257b880bdfc7f5b29711b5323f91974e

SHA-256:
586ea2e3b053566e80bb08baa7221c64abb6214845182ce8789b732cf6090ee9

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/18/2024 12:46:51 PM UTC

Scan engine              Detection                                 Engine version
Lavasoft Ad-Aware        DeepScan:Generic.Banker.Delf.4392AB51     94
Agnitum Outpost          Trojan.PWS.Banker                         7.1.1
Avira AntiVirus          TR/Spy.Banker.494688.2                    8.3.2.4
Arcabit                  DeepScan:Generic.Banker.Delf.4392AB51     1.0.0.629
avast!                   Win32:Delf-TUK [Trj]                      2014.9-161101
AVG                      Lebros                                    2017.0.2572
Bitdefender              DeepScan:Generic.Banker.Delf.4392AB51     1.0.20.1530
Comodo Security          UnclassifiedMalware                       23755
Dr.Web                   Trojan.PWS.Banker1.13750                  9.0.1.0306
Emsisoft Anti-Malware    DeepScan:Generic.Banker.Delf.4392AB51     8.16.11.01.06
ESET NOD32               Win32/Spy.Banker.AAWU (variant)           10.12714
Fortinet FortiGate       W32/Banker.TEFS!tr                        11/1/2016
F-Secure                 DeepScan:Generic.Banker.Delf.4392AB51     11.2016-01-11_3
G Data                   DeepScan:Generic.Banker.Delf.4392AB51     16.11.25
IKARUS anti.virus        Trojan.Spy.Banker                         t3scan.1.9.5.0
K7 AntiVirus             Trojan                                    13.212.18090
Kaspersky                HEUR:Trojan.Win32.Generic                 14.0.0.-644
McAfee                   GenericR-ATY!EAC06FE8DDB0                 5600.6228
MicroWorld eScan         DeepScan:Generic.Banker.Delf.4392AB51     17.0.0.918
NANO AntiVirus           Trojan.Win32.DeepScan.cxbvxc              1.0.10.5081
Panda Antivirus          Trj/CI.A                                  16.11.01.06
Qihoo 360 Security       Win32/Trojan.37a                          1.0.0.1077
Quick Heal               TrojanBanker.Banker.r9                    11.16.14.00
VIPRE Antivirus          Trojan.Win32.Generic                      45802
ViRobot                  Trojan.Win32.S.Agent.494688[h]            2014.3.20.0

File size:
483.1 KB (494,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\wowsys32\searchresults_document_ready.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/5/2014 9:00:00 PM

Valid to:
3/6/2015 8:59:59 PM

Subject:
CN=WEBPIC DESENVOLVIMENTO DE SOFTWARE LTDA, O=WEBPIC DESENVOLVIMENTO DE SOFTWARE LTDA, STREET="RUA RUBIAO JUNIOR, 2386", STREET=PISO SUPERIOR, STREET=PARQUE INDUSTRIAL, L=SAO JOSE DO RIO PRETO, S=SAO PAULO, PostalCode=15025080, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0B0D17EC1449B4B2D38FCB0F20FBCD3A

File PE Metadata
Compilation timestamp:
4/23/2014 6:44:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:yDnUpQcEywGw1OYw5EWNp+oNP9egGNuJ2f8Y/vS3igGfNcmcpbd/l+qqDLuQr7YP:yhcEyQOY6EO9n4vSSffXaR/lbqnuQvYP

Entry address:
0x6377C

Entry point:
55, 8B, EC, 83, C4, F0, B8, FC, 26, 46, 00, E8, 28, 32, FA, FF, A1, 44, 8E, 46, 00, 8B, 00, E8, 74, 5B, FF, FF, A1, 44, 8E, 46, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 78, 8F, 46, 00, A1, 44, 8E, 46, 00, 8B, 00, 8B, 15, 90, 17, 46, 00, E8, 69, 5B, FF, FF, A1, 44, 8E, 46, 00, 8B, 00, E8, 95, 5C, FF, FF, E8, D4, 10, FA, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++ (as reported by the compiler heuristic; treat this as a misfire: the linker version 2.25, the entry-point prologue shown above, and the Delf / Banker.Delf family names assigned by several scanners all indicate a Borland Delphi build)

Code size:
392.5 KB (401,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
searchresults_document_ready

Command:
C:\users\{user}\appdata\wowsys32\searchresults_document_ready.exe
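To check a host or a fleet for this persistence entry, and for relatives that use the same trick of a system-sounding folder under AppData, the following script is an added example and not code from the page or its publisher. It works on Run-key values already exported to dicts (for example from a registry export or an EDR autoruns feed); the entries in SAMPLE_ENTRIES are constructed for the example, the first mirroring this page's Startup File data and the other two being a made-up benign autorun and a made-up unsigned lookalike, with placeholder hashes and serials. Value-name, SHA-256 and certificate-serial matching use the indicators listed on this page; the two heuristics after them generalise beyond this one sample.

```python
"""Triage HKCU Run entries against the indicators listed on this page.

Added example, not part of the original listing. Input is a list of dicts
describing Run-key values (name, command line, SHA-256, signer CN and
certificate serial) as you would export them from a host or an EDR autoruns
feed; SAMPLE_ENTRIES below is constructed for the example.
"""
import re

# Indicators copied from this page.
IOC = {
    "value_name": "searchresults_document_ready",
    "sha256": "586ea2e3b053566e80bb08baa7221c64abb6214845182ce8789b732cf6090ee9",
    "signer_serial": "0B0D17EC1449B4B2D38FCB0F20FBCD3A",
    "signer_cn": "WEBPIC DESENVOLVIMENTO DE SOFTWARE LTDA",
}

SAMPLE_ENTRIES = [
    # Constructed to mirror the page's Startup File (User Run) entry.
    {"name": "searchresults_document_ready",
     "command": r"C:\users\alice\appdata\wowsys32\searchresults_document_ready.exe",
     "sha256": IOC["sha256"],
     "signer_cn": IOC["signer_cn"], "signer_serial": IOC["signer_serial"]},
    # Constructed benign autorun; the hash and serial are placeholders.
    {"name": "OneDrive",
     "command": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
     "sha256": "00" * 32,
     "signer_cn": "Microsoft Corporation", "signer_serial": "PLACEHOLDER"},
    # Constructed: not this sample, but the same folder-naming trick, unsigned.
    {"name": "updater",
     "command": r"C:\Users\alice\AppData\Roaming\system32\svchost.exe -k netsvcs",
     "sha256": "11" * 32,
     "signer_cn": None, "signer_serial": None},
]

_QUOTED = re.compile(r'^"([^"]+)"')
_UNQUOTED_EXE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)
_USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)
SYSTEM_LOOKALIKES = ("sys32", "system32", "syswow64", "wow64")


def executable_path(command):
    """Return the program path from a Run-key command string, coping with
    quoted paths, unquoted paths that contain spaces, and trailing arguments."""
    m = _QUOTED.match(command) or _UNQUOTED_EXE.match(command)
    if not m:
        raise ValueError("no executable found in %r" % command)
    return m.group(1)


def lookalike_dir(path):
    """True when a directory component of the path imitates a Windows system
    folder (the page's 'wowsys32', or a 'system32' outside C:\\Windows)."""
    for comp in path.split("\\")[:-1]:
        c = comp.lower()
        if c == "windows" or any(k in c for k in SYSTEM_LOOKALIKES):
            return True
    return False


def triage(entries, ioc=IOC):
    """Map each flagged Run value name to its list of reasons. Exact IOC
    matches come first; the two placement heuristics after them also catch
    relatives of this sample that reuse the same persistence pattern."""
    findings = {}
    for e in entries:
        reasons = []
        path = executable_path(e["command"])
        if e["name"].lower() == ioc["value_name"]:
            reasons.append("Run value name matches the page's IOC")
        if (e.get("sha256") or "").lower() == ioc["sha256"]:
            reasons.append("SHA-256 matches the page's IOC")
        if (e.get("signer_serial") or "").upper() == ioc["signer_serial"]:
            reasons.append("code-signing certificate serial matches the page's IOC")
        in_profile = bool(_USER_PROFILE.match(path))
        if in_profile and lookalike_dir(path):
            reasons.append("system-lookalike directory under the user profile")
        if in_profile and not e.get("signer_serial"):
            reasons.append("unsigned executable under the user profile")
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_ENTRIES).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

The certificate serial is matched as well as the file hash because a banker family like this is typically rebuilt often, so the hash changes while the stolen or fraudulently obtained signing certificate is reused across builds until it is revoked; the serial from the Digital Signature section above therefore outlives the SHA-256 as an indicator. The lookalike-directory heuristic deliberately fires only for paths under the user profile, since real system32 and SysWOW64 paths under C:\Windows are expected and signed Microsoft autoruns under AppData (such as OneDrive) are common.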


Remove searchresults_document_ready.exe - Powered by Reason Core Security