» weblink.exe
Overview
Analysis
File Details

weblink.exe

DBS Media Co.,Ltd

The application weblink.exe by DBS Media Co.,Ltd has been detected as adware by 9 anti-malware scanners.

File name:

weblink.exe

Publisher:

DBS Media Co.,Ltd (signed and verified)

Version:

1.0.0.0

MD5:

e4d0e1930f88a678fe256aa8a35fc67c

SHA-1:

ca5fc8f893a13b5171667912cf65ff9920daa487

SHA-256:

51ac3c66ac2efb4baae11a9cad37d57e9e27543d3a2dd5729ed32b3ae921bd3a

Scanner detections:

9 / 68

Status:

Adware

Analysis date:

4/25/2024 10:05:20 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.WebLink

14.04.23

Bkav FE

W32.Clod8e4.Trojan

1.3.0.4959

Boost by Reason

Optional.DBSMediaCoLtd.H

188838

Comodo Security

ApplicUnwnt

18142

ESET NOD32

Win32/AdWare.Kraddare.IX (variant)

8.9704

nProtect

Adware/W32.KrAdword.2594408

14.04.21.01

Reason Heuristics

PUP.DBSMediaCoLtd.H

14.5.1.10

Vba32 AntiVirus

BScope.Downware.InstallMonstr

3.12.26.0

VIPRE Antivirus

Trojan.Win32.Generic

28468

File size:

2.5 MB (2,594,408 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\iniweblink\weblink.exe

Digital Signature

Signed by:

DBS Media Co.,Ltd

Authority:

Thawte, Inc.

Valid from:

3/25/2013 9:00:00 AM

Valid to:

3/26/2014 8:59:59 AM

Subject:

CN="DBS Media Co.,Ltd", OU=Dev Team, O="DBS Media Co.,Ltd", L=Gangnam-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0C94F42A3F0C22959326D185DE8A25DB

File PE Metadata

Compilation timestamp:

10/10/2013 9:25:56 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:mCVD6pKFAkqhYSw1+xSmCbFDHpNvv5hYI0J6qHagNs:mRWlACB7pNvB

Entry address:

0x22661C

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, FC, 8D, 61, 00, E8, 4F, 55, DE, FF, 8B, 1D, C4, F9, 62, 00, 33, C0, 55, 68, FE, 66, 62, 00, 64, FF, 30, 64, 89, 20, B8, 7C, 57, 63, 00, BA, 18, 67, 62, 00, E8, C0, 10, DE, FF, 8B, 03, E8, 25, 2C, F0, FF, A1, E0, F5, 62, 00, C6, 00, 01, 8B, 03, 33, D2, E8, 4C, 26, F0, FF, 8B, 03, C6, 40, 5F, 00, 8B, 03, 8B, 80, 78, 01, 00, 00, 6A, EC, 50, E8, 66, 9C, DE, FF, 8B, 13, 8B, 92, 78, 01, 00, 00, 0D, 80, 00, 00, 00, 50, 6A, EC, 52, E8, 58, 9C, DE, FF, 8B, 03, 33, D2, E8, DF, 48, F0... 
[+]

Entropy:

6.5353

Developed / compiled with:

Microsoft Visual C++

Code size:

2.1 MB (2,248,704 bytes)

Remove weblink.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.