wgf4v.exe

Stpll

5YnFpYx5XMWl

The application wgf4v.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.inditedexplanatory.webcam and multiple other hosts.
Publisher:
5YnFpYx5XMWl

Product:
Stpll

Description:
smart install

Version:
19.124.241.34

MD5:
4609575d665a99e43e90ae7b37eca82f

SHA-1:
53b19df8c690f65675149f7fde319a16b7469e6f

SHA-256:
62076a1e3d99e0653617a630ed13e65779ee45b7b80fbc513cc760a720cc28d3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
6/3/2024 3:32:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.5YnFpYx5.Installer.Meta (M)

Engine version:
16.7.13.16

File size:
510.5 KB (522,752 bytes)

Product version:
19.124.241.34

Copyright:
b3kVs7GwXf1V1g

Trademarks:
3S70vf

Original file name:
gZmA8S264nWwqiz

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wgf4v.exe

File PE Metadata
Compilation timestamp:
7/13/2016 11:44:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:rrq/O7lGsH8nEXWTZvQrNvA68DaHSbUzlHlBTKB/55c8Q78XKEh7rO8O1OLvh6GA:bhGh5c98amO8yspLiZ

Entry address:
0x5DC3

Entry point:
E8, 4D, 41, 00, 00, E9, 8C, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2B, FF, 75, 08, 6A, 00, FF, 35, 50, E6, 41, 00, E9, E7, F4, FF, FF, 85, C0, 75, 17, 56, E8, 95, 12, 00, 00, 8B, F0, E9, 49, 13, 00, 00, 50, E8, 3B, 12, 00, 00, 59, 89, 06, 5E, 5D, C3, FF, 15, 0C, 80, 41, 00, E9, DB, 9C, 00, 00, 6A, 00, E9, B6, 50, 00, 00, C3, E9, CC, 2A, 00, 00, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 35, 48, D3, 41, 00, E9, 29, B3, FF, FF, FF, D0, 5D, C2, 04, 00, FF, 15, 10, 80, 41, 00, E9, 2F, 2B, 00...

Code size:
90.5 KB (92,672 bytes)

The file wgf4v.exe has been seen being distributed by the following 2 URLs.
