home

webgets.exe

Advantig

Publisher:
Advantig  (signed and verified)

MD5:
330fa20a86231a690e32e599f59ef2dd

SHA-1:
45d3b73756517160c7031f3cb3653eacc08ee671

SHA-256:
f5af3d1ec42fe8fb8f36d69b8ad53109af9d3961b5bf93febc952a8eed80d14d

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/19/2024 6:07:09 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
NS:Trojan.Script.VBS.StartPage.rf!1596587
23.00.65.151123

File size:
146 KB (149,552 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\webgets.exe

Digital Signature
Signed by:
Advantig

Authority:
The USERTRUST Network

Valid from:
1/19/2008 7:00:00 PM

Valid to:
1/19/2011 6:59:59 PM

Subject:
CN=Advantig, O=Advantig, STREET=801 Old Hollow Rd., L=Winston-Salem, S=NC, PostalCode=27105, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
792C5277AC688479FA36B2C5C37CE75E

File PE Metadata
Compilation timestamp:
2/23/2008 3:51:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:E4ggWKpa/cdiJwWQH0nHks+KpKyl4q8NeJ6st3a:jHa/GTWdHk548mg

Entry address:
0x3FA2

Entry point:
83, EC, 0C, 53, 55, 56, 57, C7, 44, 24, 10, E0, 91, 40, 00, 33, DB, C6, 44, 24, 14, 20, FF, 15, 2C, 70, 40, 00, 53, FF, 15, 84, 72, 40, 00, BE, 00, 94, 7A, 00, BF, 00, 04, 00, 00, 56, 57, A3, 08, 28, 7A, 00, FF, 15, C8, 70, 40, 00, E8, 8D, FF, FF, FF, 8B, 2D, 90, 70, 40, 00, 85, C0, 75, 21, 68, FB, 03, 00, 00, 56, FF, 15, C4, 70, 40, 00, 68, A4, 92, 40, 00, 56, FF, D5, E8, 6A, FF, FF, FF, 85, C0, 0F, 84, 55, 01, 00, 00, BE, 80, 1F, 7A, 00, 56, FF, 15, 68, 70, 40, 00, 68, 94, 92, 40, 00, 56, E8, 28, 29, 00...
 
[+]

Entropy:
7.8289  (probably packed)

Code size:
23.5 KB (24,064 bytes)

Scan webgets.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.