wiindows.exe

The executable wiindows.exe has been detected as malware by 28 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘13749b87d90c5da06de1772072e17658’.
MD5:
e711b0004126250912403f66d65f642a

SHA-1:
f559e2750b31f361796393a5b7f0187669ee198d

SHA-256:
8884ee61dcf004d53732afd4a75269dd05c0878299aa412b848719de66504f5e

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
6/3/2024 2:21:40 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.Jorik | 2013.03.10
Avira AntiVirus | TR/Dropper.Gen6 | 7.11.64.68
avast! | Win32:Bladabindi-A [Trj] | 2014.9-150922
AVG | ILCrypt | 2016.0.2978
Bitdefender | Gen:Variant.Barys.7673 | 1.0.20.1325
Comodo Security | TrojWare.MSIL.Spy.Agent.EF | 15514
Dr.Web | Win32.HLLW.Autoruner.25074 | 9.0.1.0265
Emsisoft Anti-Malware | Gen:Variant.Barys.7489 | 8.15.09.22.09
ESET NOD32 | MSIL/Bladabindi (variant) | 9.8099
Fortinet FortiGate | MSIL/Agent.MNB!tr | 9/22/2015
F-Prot | W32/MSIL_Troj.AP.gen | v6.4.6.5.141
F-Secure | Gen:Variant.Barys.7673 | 11.2015-22-09_3
G Data | Gen:Variant.Barys.7673 | 15.9.22
IKARUS anti.virus | MSIL | t3scan.2.0.0.0
K7 AntiVirus | Riskware | 13.163.8328
Kaspersky | Trojan.MSIL.Agent | 14.0.0.1386
Malwarebytes | Backdoor.Agent.ZPTGen | v2015.09.22.09
McAfee | Generic MSIL.m | 5600.6634
MicroWorld eScan | Gen:Variant.Barys.7673 | 16.0.0.795
Norman | Troj_Generic.FPIGT | 11.20150922
Panda Antivirus | Trj/CI.A | 15.09.22.09
Quick Heal | Worm.Necast.J3 | 9.15.12.00
Rising Antivirus | Worm.Necast!49F1 | 23.00.65.15920
Sophos | Mal/MSIL-DS | 4.86
SUPERAntiSpyware | Heur.Agent/Gen-GalPic | 9613
Trend Micro House Call | TROJ_SPNR.03L912 | 7.2.265
Trend Micro | TROJ_SPNR.03L912 | 10.465.22
VIPRE Antivirus | Worm.MSIL.Necast.j | 15946

File size:
51.5 KB (52,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\wiindows.exe

File PE Metadata
Compilation timestamp:
11/5/2012 5:28:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:++oouOOpBbrxX6cZdk2oLkxB5Phtfi6nAJW:NWdG22kRZV1b

Entry address:
0xB27E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.4520

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
37 KB (37,888 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
13749b87d90c5da06de1772072e17658

Command:
"C:\users\{user}\appdata\local\temp\wiindows.exe"..


Remove wiindows.exe - Powered by Reason Core Security