windowlivepot.exe

SIAD

The application windowlivepot.exe by SIAD has been detected as a potentially unwanted program by 16 anti-malware scanners. It is configured to start automatically when a user logs into Windows, through an entry in the current user Run registry key under the display name ‘WindowLivePot’. This file is typically installed with the program Window Live Pot Uninstall by SIAD.
Publisher:
SIAD  (signed and verified)

Version:
1.0.0.1

MD5:
b57e720d197e683c3ba637ef5bd6499b

SHA-1:
f809b239be5c08cf9ea827a2b9e63a05863a09d8

SHA-256:
17a61152484032753d71235739aaa4ecb79d404138fa342973f340ac1268d7cf

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 7:28:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.WindowLivePot | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Wlivep | 2015.09.09 |
| Avira AntiVirus | ADWARE/WindowLivePot.A.1 | 8.3.2.2 |
| AVG | Sidebar | 2016.0.2990 |
| Bkav FE | W32.HfsAdware | 1.3.0.7133 |
| Clam AntiVirus | Trojan.Fosniw-249 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 23202 |
| Dr.Web | Adware.Searcher.1168 | 9.0.1.0254 |
| IKARUS anti.virus | AdWare.Win32.WindowLivePot | t3scan.1.9.5.0 |
| Malwarebytes | Adware.WindowLivePot | v2015.09.11.05 |
| NANO AntiVirus | Riskware.Win32.Searcher.dagoyc | 0.30.24.3283 |
| Qihoo 360 Security | Win32/Virus.Adware.847 | 1.0.0.1015 |
| Trend Micro | TROJ_GEN.R0CBC0EC915 | 10.465.11 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43578 |
| ViRobot | Adware.Agent.228192[h] | 2014.3.20.0 |

File size:
222.8 KB (228,192 bytes)

Product version:
1.0.0.1

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\windowlivepot\windowlivepot.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/30/2011 9:00:00 AM

Valid to:
5/30/2012 8:59:59 AM

Subject:
CN=SIAD, O=SIAD, L="Kangnam-gu ", S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
381CE30ED8472A4E13661E6BC55432C5

File PE Metadata
Compilation timestamp:
7/29/2011 5:52:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:CzXeVTBMQx+S0lCjyjT7/WeOcno7crYQ/1ORKgYIfqg1Kc5juEDzM:XIQR0yy7/WeOqpLkRKcrQqc

Entry address:
0x1D16B

Entry point:
E8, 4D, 7B, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 68, C0, C6, 41, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 00, 34, 43, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 00, 34...
Entropy:
6.3391

Code size:
161.5 KB (165,376 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WindowLivePot

Command:
C:\Program Files\windowlivepot\windowlivepot.exe


The file windowlivepot.exe has been discovered within the following program.

www.windowlivepot.com
About 1% of users remove it