home

wget.exe

Kuzyakov Artur Vyacheslavovich IP

The application wget.exe by Kuzyakov Artur Vyacheslavovich IP has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address redstation.com on port 80 using the HTTP protocol.
Publisher:
Kuzyakov Artur Vyacheslavovich IP  (signed and verified)

MD5:
eb64098c7dab31d0e28b86f8152401fa

SHA-1:
e6a2d7cd085612c7030e6a91403d9b6816d423fe

SHA-256:
11c5d6eb7113d9f493a9e79c5cf0414428dc29eef1d901401177239452a3990e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 9:10:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.KuzyakovArturVyacheslavovichIP.Meta
15.10.8.17

File size:
399.2 KB (408,816 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\driverpack notifier\bin\tools\wget.exe

Digital Signature
Signed by:
Kuzyakov Artur Vyacheslavovich IP

Authority:
Symantec Corporation

Valid from:
2/17/2015 1:00:00 AM

Valid to:
2/18/2016 12:59:59 AM

Subject:
CN=Kuzyakov Artur Vyacheslavovich IP, O=Kuzyakov Artur Vyacheslavovich IP, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
257BEAC53AA38B99FD1B541811F6EE8F

File PE Metadata
Compilation timestamp:
4/25/2009 4:09:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
7.10

CTPH (ssdeep):
6144:EoxkuaVJiysgokd+8L2LZ9aUedgk+TGk57rrpmNDEpO/YIPOWCiwYFnYsy:rxkJLiynXvqjggpl57rrpmNQp2YIGRYY

Entry address:
0xED800

Entry point:
60, BE, 00, C0, 48, 00, 8D, BE, 00, 50, F7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
392 KB (401,408 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to h188-227-175-225.host.redstation.co.uk  (188.227.174.225:80)

TCP (HTTP):
Connects to redstation.com  (80.243.178.242:80)

TCP (HTTP):
Connects to h88-150-206-2.host.redstation.co.uk  (88.150.206.2:80)

Remove wget.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.