windviewer.exe

torangcommunications

The application windviewer.exe by torangcommunications has been detected as adware by 7 anti-malware scanners.
Publisher:
torangcommunications  (signed and verified)

Version:
1.0.0.2

MD5:
748d558795272dec0470987bc90a9824

SHA-1:
1f825ae9312dbbd508428c9a32a0fe4f83c78fe6

SHA-256:
891ec419ee7f7478aa51e9c202e4c3ab204729d79ddc806d836b8dda6389a5fd

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/27/2024 12:12:38 AM UTC

Scan engine             Detection                               Engine version
AhnLab V3 Security      PUP/Win32.Adware                        2014.01.14
NANO AntiVirus          Trojan.Win32.Nsanti.bxqafw              0.28.0.57029
nProtect                Adware/W32.KrAdword.193096              14.01.13.01
Reason Heuristics       PUP.torangcommunications.K              14.7.17.10
Trend Micro House Call  ADW_KRADDARE                            7.2.52
Trend Micro             ADW_KRADDARE                            10.465.21
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h    3.12.24.3

File size:
188.6 KB (193,096 bytes)

Product version:
1.0.0.2

Original file name:
windviewer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\windviewer\windviewer.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/19/2013 9:00:00 AM

Valid to:
5/20/2014 8:59:59 AM

Subject:
CN=torangcommunications, O=torangcommunications, L=kangnam, S=seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09827727BDB71CF128B5AEB47CE2C8EA

File PE Metadata
Compilation timestamp:
5/10/2013 2:34:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Qojvx1sm3q3Atp4JMp3WCpYvcG8uP5eMcQZ6t9UV:rv7tSKp3WdvcgP56CYs

Entry address:
0x10A87

Entry point:
E8, C5, 63, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, B8, E4, 1A, 00, 00, E8, 50, D8, FF, FF, A1, D8, B1, 42, 00, 33, C5, 89, 45, FC, 8B, 45, 0C, 56, 8B, 75, 08, 57, 33, FF, 89, 85, 34, E5, FF, FF, 89, BD, 38, E5, FF, FF, 89, BD, 30, E5, FF, FF, 39, 7D, 10, 75, 07, 33, C0, E9, AE, 06, 00, 00, 3B, C7, 75, 1F, E8, A1, 0F, 00, 00, 89, 38, E8, 87, 0F, 00, 00, C7, 00, 16, 00, 00, 00, E8, 2A, 0F, 00, 00, 83, C8, FF, E9, 8B, 06, 00, 00, 8B, C6, C1, F8, 05, 8B, FE, 53, 8D, 1C, 85, 60, EB, 42, 00, 8B, 03, 83...
 

Entropy:
5.8333

Code size:
104.5 KB (107,008 bytes)
