webplugin.exe

webplugin

Zhejiang Dahua Technology CO.,LTD.

The executable webplugin.exe has been detected as malware by 27 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 192.168.2.110 and multiple other hosts.
Publisher:
Zhejiang Dahua Technology CO.,LTD.  (signed and verified)

Product:
webplugin

Version:
3, 1, 0, 211230

MD5:
0b2a2dc9561be5947302c37c84f7292a

SHA-1:
204a009b23148dfd2f2b3160247a5dd5fa016eb8

SHA-256:
b45dae6c459500f5bbf8cc0f97e8e95e6380004210bcdba8d53ce5ddef7f9eb1

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
5/3/2024 3:51:32 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.67402 | 526
Agnitum Outpost | Trojan.Agent | 7.1.1
Avira AntiVirus | TR/Strictor.915200 | 8.3.1.6
Arcabit | Trojan.Strictor.D1074A | 1.0.0.425
AVG | Delf | 2016.0.3004
Bitdefender | Gen:Variant.Strictor.67402 | 1.0.20.1195
Bkav FE | W32.Clod97c.Trojan | 1.3.0.6979
Comodo Security | UnclassifiedMalware | 23050
Dr.Web | Trojan.KillFiles.28365 | 9.0.1.0239
Emsisoft Anti-Malware | Gen:Variant.Strictor.67402 | 8.15.08.27.08
ESET NOD32 | Win32/DelFile.C potentially unsafe | 9.11931
F-Secure | Gen:Variant.Strictor.67402 | 11.2015-27-08_5
G Data | Gen:Variant.Strictor.67402 | 15.8.25
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0
K7 AntiVirus | Riskware | 13.205.16539
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1516
McAfee | Artemis!0B2A2DC9561B | 5600.6660
MicroWorld eScan | Gen:Variant.Strictor.67402 | 16.0.0.717
NANO AntiVirus | Trojan.Win32.KillFiles.dtledl | 0.30.24.2487
Panda Antivirus | Trj/Genetic.gen | 15.08.27.08
Qihoo 360 Security | Win32/Trojan.783 | 1.0.0.1015
Sophos | Generic PUA PC (PUA) | 4.98
Trend Micro House Call | TROJ_GEN.R047C0OAJ15 | 7.2.239
Trend Micro | TROJ_GEN.R02LC0ODB15 | 10.465.27
VIPRE Antivirus | Trojan.Win32.Generic | 42058
ViRobot | Trojan.Win32.S.Agent.915200[h] | 2014.3.20.0
Zillya! Antivirus | Backdoor.PePatch.Win32.73738 | 2.0.0.2284

File size:
893.8 KB (915,200 bytes)

Product version:
3, 1, 0, 211230

Copyright:
Copyright 211230

Original file name:
webplugin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\webplugin.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/11/2014 4:00:17 AM

Valid to:
7/11/2016 4:00:17 AM

Subject:
CN="Zhejiang Dahua Technology CO.,LTD.", OU=研发中心-产品管理部, O="Zhejiang Dahua Technology CO.,LTD.", L=Hangzhou, S=Zhejiang, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112107ACBC49CA621D829A3C109E380158F5

File PE Metadata
Compilation timestamp:
8/11/2014 4:24:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:GcGNsFV1jlz3pyYg0/AG7muxrwqsM13HALOsbR:GcNx3wYgYTEYJAr

Entry address:
0x8156

Entry point:
55, 8B, EC, 6A, FF, 68, 30, 93, 40, 00, 68, 50, 81, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 80, 90, 40, 00, 59, 83, 0D, 60, CB, 40, 00, FF, 83, 0D, 64, CB, 40, 00, FF, FF, 15, 84, 90, 40, 00, 8B, 0D, 50, AB, 40, 00, 89, 08, FF, 15, 88, 90, 40, 00, 8B, 0D, 4C, AB, 40, 00, 89, 08, A1, 8C, 90, 40, 00, 8B, 00, A3, 68, CB, 40, 00, E8, C3, 00, 00, 00, 83, 3D, 30, A9, 40, 00, 00, 75, 0C, 68, 84, 82, 40, 00, FF, 15, 90, 90...

Entropy:
7.9472

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
32 KB (32,768 bytes)

The file webplugin.exe has been seen being distributed by the following 16 URLs.

http://192.168.2.110/webplugin.exe

http://192.168.1.108/webplugin.exe

http://192.168.0.110/webplugin.exe

http://189.193.188.45/webplugin.exe

http://186.112.229.188:8000/webplugin.exe

http://192.168.1.117:82/webplugin.exe

http://192.168.1.12/webplugin.exe

http://10.168.0.108/webplugin.exe

http://190.157.5.215/webplugin.exe

http://192.168.0.24/webplugin.exe

http://192.168.1.66/webplugin.exe

http://186.115.154.83/webplugin.exe

http://192.168.1.55/webplugin.exe

http://192.168.1.108:81/webplugin.exe

http://192.168.1.50/webplugin.exe
