» wcmgr.exe
Overview
Analysis
File Details
Behaviors (1)

wcmgr.exe

Datawave System Inc.

The application wcmgr.exe by Datawave System has been detected as a potentially unwanted program by 11 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘wcmgr.exe’.

File name:

wcmgr.exe

Publisher:

Datawave System Inc. (signed and verified)

Version:

1.0.0.1

MD5:

bd79c3baa931e9fdeb75cfbc88f2f1ca

SHA-1:

b91304e1d0f742f53dc0011549085845d91e16aa

SHA-256:

1af6b9f6cc83ca9a13feb4bbcc1bb76129c6bd3fb231c941fa13f2d8ccbebb4e

Scanner detections:

11 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 8:27:15 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Dldr.Delphi!c

2.1.4+

AhnLab V3 Security

PUP/Win32.WebCompass.R15967

3.7.4.14

Avira AntiVirus

TR/Dldr.Delphi.Gen

8.3.3.4

Comodo Security

Heur.Suspicious

25328

Dr.Web

Trojan.DownLoader6.55238

9.0.1.071

Malwarebytes

Adware.WebCompass

v2017.03.12.03

McAfee

Artemis!BD79C3BAA931

5600.6097

NANO AntiVirus

Trojan.Win32.Delphi.cyuimr

1.0.38.8984

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Generic

50370

Zillya! Antivirus

Trojan.BhoSiggenCRTD.Win32.1705

2.0.0.2930

File size:

654.7 KB (670,392 bytes)

Product version:

1.0.0.1

File type:

Executable application (Win32 EXE)

Language:

Korean (Korea)

Common path:

C:\users\{user}\appdata\local\webcompass\wcmgr.exe

Digital Signature

Signed by:

Datawave System Inc.

Authority:

Thawte, Inc.

Valid from:

2/6/2011 4:00:00 PM

Valid to:

3/8/2012 3:59:59 PM

Subject:

CN=Datawave System Inc., OU=Business Solution Divsion, O=Datawave System Inc., L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

1FE14B2195F69E03836DBA8728D30D8F

File PE Metadata

Compilation timestamp:

10/26/2011 2:57:33 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x68B44

Entry point:

55, 8B, EC, 83, C4, F0, B8, 08, 74, 46, 00, E8, F4, DF, F9, FF, 68, 0C, 8C, 46, 00, 6A, 00, 6A, 00, E8, D2, E1, F9, FF, A3, A4, 17, 47, 00, 33, C0, 55, 68, FE, 8B, 46, 00, 64, FF, 30, 64, 89, 20, 83, 3D, A4, 17, 47, 00, 01, 72, 09, E8, 81, E2, F9, FF, 85, C0, 74, 0C, B8, 24, 8C, 46, 00, E8, 13, D6, FF, FF, EB, 49, A1, 30, B4, 46, 00, 8B, 00, E8, C1, 14, FF, FF, A1, 30, B4, 46, 00, 8B, 00, B2, 01, E8, AB, 32, FF, FF, A1, 30, B4, 46, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, D8, B4, 46, 00, A1, 30, B4, 46, 00, 8B... 
[+]

Entropy:

6.0719

Developed / compiled with:

Microsoft Visual C++

Code size:

413.5 KB (423,424 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

wcmgr.exe

Command:

C:\users\{user}\appdata\local\webcompass\wcmgr.exe

Remove wcmgr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.