wepal.exe

The executable wepal.exe has been detected as malware by 32 anti-virus scanners. It is a setup program used to install the application. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information. The file has been seen being downloaded from dc182.gulfup.com.

Version:
3, 3, 8, 1

MD5:
bad2a95a6fa855897ba70f74a1713e30

SHA-1:
734e7976f548d52852e167044aa90b7176bf9ee7

SHA-256:
98c5fb7ca4dce390dd43fda41e9f940f03f168d01216b071181f022162f574d5

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/19/2024 1:32:13 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.BBBG | 272 |
| AegisLab AV Signature | Troj.Downloader.W32.AutoIt.mDtA | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4 |
| Arcabit | Trojan.Agent.BBBG | 1.0.0.672 |
| avast! | Win32:AutoIt-COQ [Trj] | 2014.9-160508 |
| AVG | MultiDropper_c | 2017.0.2750 |
| Baidu Antivirus | Trojan.Win32.Ransomlock | 4.0.3.1658 |
| Bitdefender | Trojan.Agent.BBBG | 1.0.20.645 |
| Comodo Security | UnclassifiedMalware | 24916 |
| Dr.Web | BackDoor.Bifrost.19762 | 9.0.1.0129 |
| Emsisoft Anti-Malware | Trojan.Agent.BBBG | 8.16.05.08.09 |
| ESET NOD32 | Win32/TrojanDropper.Autoit.CA | 10.13430 |
| Fortinet FortiGate | W32/Autoit.CA!tr | 5/8/2016 |
| F-Secure | Trojan.Agent.BBBG | 11.2016-08-05_1 |
| G Data | Trojan.Agent.BBBG | 16.5.25 |
| IKARUS anti.virus | Backdoor.MSIL | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.224.19489 |
| Kaspersky | Trojan-Ransom.Win32.Blocker | 14.0.0.243 |
| McAfee | Artemis!BAD2A95A6FA8 | 5600.6406 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AA | 1.1.12706.0 |
| MicroWorld eScan | Trojan.Agent.BBBG | 17.0.0.387 |
| NANO AntiVirus | Trojan.Script.Agent.debxby | 1.0.30.8136 |
| nProtect | Trojan.Agent.BBBG | 16.05.03.03 |
| Panda Antivirus | Trj/Autoit.gen | 16.05.08.09 |
| Qihoo 360 Security | Win32/Trojan.fd6 | 1.0.0.1120 |
| Quick Heal | TrojanRansom.Blocker.r3 | 5.16.14.00 |
| Rising Antivirus | Trjoan.Generic-8kWDrxLvtr (Cloud) | 23.00.65.16506 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Tnega.NMWZYGC | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNV.01K013 | 7.2.129 |
| Trend Micro | TROJ_SPNV.01K013 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 49108 |

File size:
385.5 KB (394,744 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\downloads\wepal.exe

File PE Metadata
Compilation timestamp:
1/29/2012 9:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:EuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLqIWO540m5/qg3A:v6Wq4aaE6KwyF5L0Y2D1PqL7DgQ

Entry address:
0xB8E70

Entry point:
60, BE, 00, 70, 47, 00, 8D, BE, 00, A0, F8, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file wepal.exe has been seen being distributed by the following URL.
