home

wihlist-insert.exe

SystemNode

MG Software

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application wihlist-insert.exe by MG Software has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer. The file has been seen being downloaded from oth.files-download-41.com.
Publisher:
SwapSystem  (signed by MG Software)

Product:
SystemNode

Description:
SystemComponent

Version:
4, 0, 34, 0

MD5:
9430b2863505d1e91e2a37a96a2bcb30

SHA-1:
21daef5f5ce68acc60f1aa7042f8490bc45db4a7

SHA-256:
11c59c6f4e231dca973e57927f7e6929c602887b8222ab57d57bd85c642b6016

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/19/2024 6:33:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.New IT Limited.MGSoftware.Bundler (M)
16.2.13.0

File size:
112.3 KB (114,944 bytes)

Product version:
4, 0, 34, 0

Copyright:
2014

Trademarks:
SmallTrade Inc.

Original file name:
0008.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\wihlist-insert.exe

Digital Signature
Signed by:
MG Software

Authority:
MG

Valid from:
11/7/2014 6:05:37 PM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=MG Software

Issuer:
CN=MG

Serial number:
0782F693BAAA668C4F8C7587B588BD86

File PE Metadata
Compilation timestamp:
12/5/2014 6:56:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:cSPJ3hCXD2bHtlycW/39W/OexaxQiXU4rNxlr7B4xdt:MKVegxaxlN/d4xdt

Entry address:
0x338E

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, 54, 40, 40, 00, 8B, F0, 8A, 06, 3C, 22, 74, 10, 3C, 20, 7E, 1E, 46, 80, 3E, 20, 7F, FA, EB, 16, 3C, 22, 74, 11, 46, 8A, 06, 84, C0, 75, F5, 3C, 22, 75, 07, EB, 04, 3C, 20, 7F, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 30, 40, 40, 00, E8, 5B, 00, 00, 00, 68, 04, 60, 40, 00, 68, 00, 60, 40, 00, E8, 32, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 2C, 40, 40, 00, 50, E8, 93, FC...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
9.5 KB (9,728 bytes)

The file wihlist-insert.exe has been seen being distributed by the following URL.

http://oth.files-download-41.com/.../wihlist-insert.exe

Remove wihlist-insert.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.