windowadvertisement.exe

windowadvertisement

enliple Ltd.

The application windowadvertisement.exe by enliple has been detected as a potentially unwanted program by 20 anti-malware scanners.
Publisher:
enliple Ltd.  (signed and verified)

Product:
windowadvertisement

Version:
9.07

MD5:
4518782318c02aefac1e503433506392

SHA-1:
913e99a7d5f7845b865abf545b3c51640ff82db9

SHA-256:
7e4a7b84879c1b09035c7e627baf757ec7417d21bfb932d592f49b969a211f52

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:03:18 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1596959 | 608 |
| Agnitum Outpost | PUA.Kraddare | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.WindowNM | 2014.07.22 |
| Avira AntiVirus | Adware/Kraddare.HW.26 | 7.11.163.78 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150606 |
| AVG | Generic5 | 2016.0.3086 |
| Bitdefender | Trojan.GenericKD.1596959 | 1.0.20.785 |
| Comodo Security | ApplicUnwnt | 18930 |
| Dr.Web | BACKDOOR.Trojan | 9.0.1.0157 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1596959 | 8.15.06.06.02 |
| ESET NOD32 | Win32/Adware.Kraddare.HW (variant) | 9.10133 |
| Fortinet FortiGate | Riskware/Kraddare | 6/6/2015 |
| F-Secure | Trojan.GenericKD.1596959 | 11.2015-06-06_7 |
| G Data | Trojan.GenericKD.1596959 | 15.6.24 |
| IKARUS anti.virus | Win32.AdWare | t3scan.1.6.1.0 |
| McAfee | Artemis!4518782318C0 | 5600.6742 |
| MicroWorld eScan | Trojan.GenericKD.1596959 | 16.0.0.471 |
| nProtect | Trojan.GenericKD.1596959 | 14.07.21.01 |
| Reason Heuristics | PUP.enliple | 15.6.6.10 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31482 |

File size:
3.8 MB (4,001,640 bytes)

Product version:
9.07

Original file name:
windowadvertisement.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\windowadvertisement\windowadvertisement.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/26/2013 9:00:00 AM

Valid to:
6/27/2015 8:59:59 AM

Subject:
CN=enliple Ltd., OU=Internet Dept, O=enliple Ltd., L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
178A151BFE91D2CFD345640D3EE64736

File PE Metadata
Compilation timestamp:
2/13/2014 1:38:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:Q0CR9B8BjGNg6Sf+Bz0CR9B8BjGNg6Sf+I0CR9B8BjGNg6Sf+s0CR9B8BjGNg6SS:Q0CR9B8BjGNg6Sf+N0CR9B8BjGNg6SfA

Entry address:
0x790C

Entry point:
68, 6C, 49, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 9F, DA, 9B, 32, 95, 11, 36, 44, AB, 7E, 8B, 55, 7A, A3, D3, 71, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 77, 69, 6E, 64, 6F, 77, 61, 64, 76, 65, 72, 74, 69, 73, 65, 6D, 65, 6E, 74, 00, 88, C2, 08, 06, 00, 00, 00, 00, FF, CC, 31, 00, 97, D3, 68, 1E, 00, 54, A5, 59, 43, A2, C6, 57, 86, 2C, 42, 70, 0C, 97, 35, 68, 55, E4, 73, 59, 44, 8B, 64, B3, 33, 84, 10, 3B, 35, 3A, 4F, AD...
 

Entropy:
5.8109

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
3.4 MB (3,559,424 bytes)
