wdm.bin

Winner Solutions LLC

The file wdm.bin by Winner Solutions has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address 128-71-99-216.broadband.corbina.ru on port 44385.
Publisher:
Winner Solutions LLC (signed and verified)

MD5:
d2d5bed37288cc15aca8b2175fcdda7e

SHA-1:
17f26400985e7746673d52ef94881cd9a9518afb

SHA-256:
fa833e706ed40b31720e01e8e68abc53ef3118547822d7e97ea02d60d6161928

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:03:59 AM UTC

Scan engine          Detection                        Engine version
AVG                  Generic                          2015.0.3277
Reason Heuristics    PUP.Optional.WinnerSolutions.G   14.11.28.2
VIPRE Antivirus      Threat.5064464                   35088

File size:
2.4 MB (2,564,760 bytes)

Common path:
C:\users\{user}\appdata\local\winnerdm\wdm.bin

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/9/2013 3:00:00 AM

Valid to:
12/10/2015 2:59:59 AM

Subject:
CN=Winner Solutions LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Winner Solutions LLC, L=Sankt-Peterburg, S=Sankt-Peterburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
62C4C7A64C8A37907F0A31EF11A79AC6

File PE Metadata
Compilation timestamp:
11/24/2014 2:43:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:QTmO+6h/+vJTIeDs9KYviud+JUv0Rhm46PHim+p/uSJ9D:VO+6slIeDs4YFgUv0Rhm4tTn

Entry address:
0x19702F

Entry point:
E8, EC, D7, 01, 00, E9, 39, FE, FF, FF, 55, 8B, EC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, 6A, FF, FF, 75, 08, E8, 05, 00, 00, 00, 83, C4, 14, 5D, C3, 55, 8B, EC, 83, EC, 10, 83, 7D, 10, 00, 8B, 4D, 08, 8B, 45, 0C, 53, 56, 57, 89, 4D, FC, 89, 45, F8, 74, 1B, 8B, 5D, 14, 85, DB, 74, 14, 85, C9, 75, 19, E8, 8E, E4, FF, FF, C7, 00, 16, 00, 00, 00, E8, 6E, C3, 00, 00, 33, C0, 5F, 5E, 5B, 8B, E5, 5D, C3, 8B, 75, 18, 85, F6, 74, 0C, 83, C8, FF, 33, D2, F7, 75, 10, 3B, D8, 76, 24, 83, 7D, 0C, FF, 74, 0E, FF, 75, 0C...

Code size:
1.8 MB (1,917,440 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a72-247-184-16.deploy.akamaitechnologies.com  (72.247.184.16:80)

TCP (HTTP):
Connects to ec2-34-248-148-128.eu-west-1.compute.amazonaws.com  (34.248.148.128:80)

TCP (HTTP):
Connects to a104-93-82-219.deploy.static.akamaitechnologies.com  (104.93.82.219:80)

TCP (HTTP):
Connects to a2-16-4-202.deploy.akamaitechnologies.com  (2.16.4.202:80)

TCP (HTTP):
Connects to a104-93-82-170.deploy.static.akamaitechnologies.com  (104.93.82.170:80)

TCP (HTTP):
Connects to a95-101-72-12.deploy.akamaitechnologies.com  (95.101.72.12:80)

TCP:
Connects to ppp109-252-26-176.pppoe.spdop.ru  (109.252.26.176:10648)

TCP:
Connects to node-206-170-35-212.domolink.tula.net  (212.35.170.206:56881)

TCP:
Connects to nat-clients-pool1.sat-dv.ru  (91.235.146.199:11502)

TCP:
Connects to nat-18.gepard.dn.ua  (193.106.201.18:13480)

TCP:
Connects to host-46-250-106-173.la.net.ua  (46.250.106.173:1024)

TCP:
Connects to host-46-241-70-47.bbcustomer.zsttk.net  (46.241.70.47:16631)

TCP (HTTP SSL):
Connects to host-213.158.163.220.tedata.net  (213.158.163.220:443)

TCP (HTTP SSL):
Connects to host-213.158.163.211.tedata.net  (213.158.163.211:443)

TCP (HTTP):
Connects to host-213.158.163.210.tedata.net  (213.158.163.210:80)

TCP:
Connects to dynamicip-5x167x196x65.pppoe.volgograd.ertelecom.ru  (5.167.196.65:52182)

TCP:
Connects to dynamicip-188-232-248-31.pppoe.omsk.ertelecom.ru  (188.232.248.31:63962)

TCP:
Connects to dyn-72-46-108.fttbee.kis.ru  (46.251.72.108:21532)

TCP:
Connects to deutsch-fernsehen-154.infomir.com.ua  (79.142.196.154:13173)

TCP:
Connects to ctv-84-55-62-212.sugardas.lt  (84.55.62.212:43347)

Remove wdm.bin - Powered by Reason Core Security