» wiesmupdate.exe
Overview
Analysis
File Details
Behaviors (1)

wiesmupdate.exe

gaia media group Co., Ltd.

The application wiesmupdate.exe by gaia media group Co. has been detected as a potentially unwanted program by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named WIESM triggered to execute each time a user logs in.

File name:

wiesmupdate.exe

Publisher:

gaia media group Co., Ltd. (signed and verified)

Version:

1.0.0.0

MD5:

3fff3adbfa9950e8fa83071d9bfb69ed

SHA-1:

5d7105814b9a1fbe4b60ceedfc0224ab89c14ee6

SHA-256:

066996a538e1f0234ddfd126e72cfc3858ba6e8c466afe2fbde73e63a9342aee

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

1/11/2026 1:26:18 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Strictor.116120

AegisLab AV Signature

Gen.Variant.Strictor!c

2.1.4+

Avira AntiVirus

TR/Strictor.nhvnf

8.3.3.4

Arcabit

Trojan.Strictor.D1C598

1.0.0.788

Bitdefender

Gen:Variant.Strictor.116120

1.0.20.1580

Bkav FE

W32.HfsAdware

1.3.0.8455

Dr.Web

Trojan.Adkor.520

9.0.1.0316

Emsisoft Anti-Malware

Gen:Variant.Strictor.116120

8.16.11.11.08

F-Secure

Gen:Variant.Strictor.116120

11.2016-11-11_6

G Data

Gen:Variant.Strictor.116120

16.11.25

McAfee

Artemis!3FFF3ADBFA99

5600.6219

MicroWorld eScan

Gen:Variant.Strictor.116120

17.0.0.948

File size:

2.1 MB (2,233,040 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\wiesm\wiesmupdate.exe

Digital Signature

Signed by:

gaia media group Co., Ltd.

Authority:

Thawte, Inc.

Valid from:

5/23/2016 9:00:00 AM

Valid to:

7/23/2017 8:59:59 AM

Subject:

CN="gaia media group Co., Ltd.", O="gaia media group Co., Ltd.", L=Gangseo-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

651F1DA2E8A3D393B027E058D6CD880B

File PE Metadata

Compilation timestamp:

10/27/2016 3:59:45 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:yWq5+0C3iSsdYdbRIeM4DQoIbTo0nfh8wdlp:yWqknIeaoIXB

Entry address:

0x1D5DC4

Entry point:

55, 8B, EC, 83, C4, F0, B8, F0, AA, 5C, 00, E8, F4, 55, E3, FF, A1, 34, 18, 5E, 00, 8B, 00, E8, 88, 45, F4, FF, A1, 34, 18, 5E, 00, 8B, 00, B2, 01, E8, 9A, 62, F4, FF, A1, 34, 18, 5E, 00, 8B, 00, C6, 40, 5F, 00, 68, 6C, 5E, 5D, 00, 6A, 00, 68, 01, 00, 1F, 00, E8, D6, 8B, E3, FF, 85, C0, 74, 08, 50, E8, A0, 88, E3, FF, EB, 4E, 68, 6C, 5E, 5D, 00, 6A, 00, 6A, 00, E8, D8, 88, E3, FF, 8B, 0D, 6C, 19, 5E, 00, A1, 34, 18, 5E, 00, 8B, 00, 8B, 15, 64, 93, 5C, 00, E8, 44, 45, F4, FF, A1, 6C, 19, 5E, 00, 8B, 00, 80... 
[+]

Entropy:

6.5318

Developed / compiled with:

Microsoft Visual C++

Code size:

1.8 MB (1,920,512 bytes)

Scheduled Task

Task name:

WIESM

Trigger:

Logon (Runs on logon)

Remove wiesmupdate.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.