home

wgrudef.exe

Random House Webster's Unabridged Dictionary - WordGenius

Eurofield Information Solutions Pty Ltd

This is a setup and installation application. The file has been seen being downloaded from files.downloadnow.com.
Publisher:
Eurofield Information Solutions Pty Ltd  (signed and verified)

Product:
Random House Webster's Unabridged Dictionary - WordGenius

Description:
Installer

Version:
5.0.0.0

MD5:
f765c9e228b2f2583285399f1416270e

SHA-1:
35d7fb607ddad11bbf33153f8d5d94b0707f6509

SHA-256:
e4aa94742353cfeb80f08a9815d151524393df6bb199cbdd785d0e4c19e361b9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 7:30:05 AM UTC  (today)

File size:
17.2 MB (18,082,944 bytes)

Product version:
5.0.0.0

Copyright:
© 2013 Eurofield Information Solutions Pty Ltd

Original file name:
Start

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\wgrudef.exe

Digital Signature
Signed by:
Eurofield Information Solutions Pty Ltd

Authority:
VeriSign, Inc.

Valid from:
2/7/2013 5:30:00 AM

Valid to:
2/8/2014 5:29:59 AM

Subject:
CN=Eurofield Information Solutions Pty Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Eurofield Information Solutions Pty Ltd, L=Chatswood, S=NSW, C=AU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DABE49196C39713F6D6787D3492689F

File PE Metadata
Compilation timestamp:
11/15/2013 7:52:34 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:HBZcKqablPsJQRPeK1WD1aP6gily6Nd6ymQcwMXmUO2s+/IFX:HBZczL1u6gmBNABQcwt2MFX

Entry address:
0x803A

Entry point:
6A, 00, FF, 15, 14, A1, 40, 00, 50, E8, 2D, FD, FF, FF, 50, FF, 15, C0, A1, 40, 00, FF, 35, C4, 73, 41, 00, E8, C9, CC, FF, FF, C3, 55, 8B, EC, 8B, 45, 0C, 53, 56, 57, FF, 75, 10, 33, DB, 50, FF, 15, 38, A2, 40, 00, 8B, 3D, 6C, A2, 40, 00, 8B, F0, 56, 89, 35, E8, DF, 40, 00, FF, D7, 3B, 05, C4, 73, 41, 00, 74, 05, A3, E8, DF, 40, 00, FF, 35, E8, DF, 40, 00, FF, 15, C0, A2, 40, 00, 66, A3, 06, E1, 40, 00, A1, F0, DF, 40, 00, 3B, F0, 74, 4F, 50, FF, D7, 3B, F0, 74, 48, 66, A1, 06, E1, 40, 00, 66, 3D, E4, 03...
 
[+]

Entropy:
7.9530

Packer / compiler:
FASM v1.3x

Code size:
34.5 KB (35,328 bytes)

The file wgrudef.exe has been seen being distributed by the following URL.

http://files.downloadnow.com/s/software/13/59/89/.../wgrudef.exe

Scan wgrudef.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.