» wifipasswordrevealerinstaller.exe
Overview
Analysis
File Details
Downloads (2)

wifipasswordrevealerinstaller.exe

WiFi Password Revealer

KeyFinder LTD

The application wifipasswordrevealerinstaller.exe, “WiFi Password Revealer Setup ” by KeyFinder has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from wifi-password-revealer.softonic.com and multiple other hosts.

File name:

Publisher:

Magical Jelly Bean (signed by KeyFinder LTD)

Product:

WiFi Password Revealer

Description:

WiFi Password Revealer Setup

Version:

1.0.0.5

MD5:

8a275d1fd9c001eeafa56ab4565bf5ad

SHA-1:

4310c2f1eb7613a7857fc18710ce1f14bd462c81

SHA-256:

30cc3bf2b92155b4218e2a2a3b63cb271917725e7473f3d93a48ff38af5e45f6

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

5/10/2024 1:32:16 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy

7.9190

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.11.28.22

File size:

2.5 MB (2,623,576 bytes)

Product version:

1.0.0.5

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\wifipasswordrevealerinstaller.exe

Digital Signature

Signed by:

KeyFinder LTD

Authority:

Starfield Technologies, Inc.

Valid from:

2/25/2013 7:33:53 PM

Valid to:

4/26/2016 5:14:03 PM

Subject:

CN=KeyFinder LTD, O=KeyFinder LTD, L=Eastbourne, S="EAST SUSSEX ", C=GB

Issuer:

SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

4B12EAD0A0A9F5

File PE Metadata

Compilation timestamp:

10/9/2012 10:48:22 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:jyzbedyhDwO63hExaqbECSudl8CIyt3iwcd3MBr8V1qrAD:2zbeUhxcEIqbECvIQiZdcFPe

Entry address:

0xF3BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

59 KB (60,416 bytes)

The file wifipasswordrevealerinstaller.exe has been seen being distributed by the following 2 URLs.

http://wifi-password-revealer.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWufvh4PmE shfGNT8jSCsgtFV49esXvn itAwGMv/ueT43xcPMPiDhuLKWK/2nsehgoLQhISYmGwF0WhDX2apCtgHVjr/.../RccXyNCZ xnQoNe6cDQfmZ2uHdcBEVJaRVEzaiveeQ6KAXDtqEYB Yg4ApLETRp5R1WBoNC61A==

http://www.magicaljellybean.com/.../WiFiPasswordRevealerInstaller.exe

Remove wifipasswordrevealerinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.