home

WebPlugin.exe

WebPlugin.exe

TRENDnet, Inc.

This is a self-extracting archive and installer. The file has been seen being downloaded from 200.31.121.249 and multiple other hosts.
Publisher:
HOEM  (signed by TRENDnet, Inc.)

Product:
WebPlugin.exe

Description:
Setup HOEM_Plugin_X

Version:
2.0.0.4

MD5:
30e914387737043cee7b5ba54eed7520

SHA-1:
d60f89f7255b3514f2cdafe670cbc07afaa28e32

SHA-256:
8ca39cce316e8b91566de17ccfc466ca621b9ac0fe2b1a2d203d35551d31953d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 5:27:15 AM UTC  (today)

File size:
1.1 MB (1,102,024 bytes)

Product version:
2.0.0.4

Copyright:
Copyright (C) 2013

Original file name:
WebPlugin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\webplugin.exe

Digital Signature
Signed by:
TRENDnet, Inc.

Authority:
Starfield Technologies, Inc.

Valid from:
7/20/2012 5:33:00 PM

Valid to:
7/20/2014 5:33:00 PM

Subject:
CN="TRENDnet, Inc.", OU=Web, O="TRENDnet, Inc.", L=Torrance, S=CA, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B6C8C175899B6

File PE Metadata
Compilation timestamp:
7/9/2013 9:02:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
24576:W7tWIStSBKsSNHK4lCW5KtZivbBF5/gsm4AkeZro8nnOS:WiS0K4lBgCbL54sm4A1

Entry address:
0x2261

Entry point:
E8, 55, 5A, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 56, 8B, 75, 0C, 56, E8, 25, 09, 00, 00, 89, 45, 0C, 8B, 46, 0C, 59, A8, 82, 75, 17, E8, 12, 10, 00, 00, C7, 00, 09, 00, 00, 00, 83, 4E, 0C, 20, 83, C8, FF, E9, 2F, 01, 00, 00, A8, 40, 74, 0D, E8, F7, 0F, 00, 00, C7, 00, 22, 00, 00, 00, EB, E3, 53, 33, DB, A8, 01, 74, 16, 89, 5E, 04, A8, 10, 0F, 84, 87, 00, 00, 00, 8B, 4E, 08, 83, E0, FE, 89, 0E, 89, 46, 0C, 8B, 46, 0C, 83, E0, EF, 83, C8, 02, 89, 46, 0C, 89, 5E, 04, 89, 5D, FC, A9, 0C, 01, 00...
 
[+]

Entropy:
7.9741  (probably packed)

Code size:
49.5 KB (50,688 bytes)

The file WebPlugin.exe has been seen being distributed by the following 2 URLs.

http://200.31.121.249:8676/WebPlugin.exe

http://10.0.0.57/WebPlugin.exe

Scan WebPlugin.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.