» setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe
Overview
Analysis
File Details

setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe

Western Web Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

File name:

Publisher:

UpdaterResponse (signed by Western Web Applications, LLC)

Product:

UpdaterResponse

Version:

3, 0, 0, 1

MD5:

fab9a5ef42658ea15a5c298f67ff607a

SHA-1:

6b82feac5cb9128240d29037a23048d22cb9899e

SHA-256:

09816d06031d6f6a28edee6692669066c91c5f2f1b09b84adc3e8e59ab07992f

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/23/2024 1:25:43 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt (M)

17.1.4.23

File size:

735.6 KB (753,296 bytes)

Product version:

3, 0, 0, 1

Original file name:

response.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe

Digital Signature

Signed by:

Western Web Applications, LLC

Authority:

COMODO CA Limited

Valid from:

5/24/2013 4:30:00 AM

Valid to:

5/25/2014 4:29:59 AM

Subject:

CN="Western Web Applications, LLC", O="Western Web Applications, LLC", STREET=640 E Grand Ave, STREET=Suite 129, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2A1B337726D509D16C17362E2E625DE9

File PE Metadata

Compilation timestamp:

9/11/2013 2:30:18 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x864FA

Entry point:

E8, 90, 7B, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 18, 71, 4A, 00, E8, D0, 09, 00, 00, 6A, 0E, E8, 45, 4E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 18, C6, 4A, 00, BA, 14, C6, 4A, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 37, D0, FF, FF, 59, FF, 76, 04, E8, 2E, D0, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, BF, 09, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 11, 4D, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC... 
[+]

Entropy:

6.7102

Code size:

597.5 KB (611,840 bytes)

Remove setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.