wingad.dll

yssoft

The module wingad.dll by yssoft has been detected as a potentially unwanted program by 23 anti-malware scanners.

Publisher:
wingad (signed by yssoft)

Product:
wingad

Version:
1.0.0.1

MD5:
c809281414210260090c3ae631807913

SHA-1:
6ba9d8f3bcf302b301eb7b70ebff7b68c8f72809

SHA-256:
15a21208e696250726b4dd8fbad6050185e4bc687221ce55258dc0b7c8868bca

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
5/5/2024 4:57:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Kraddare.FO | 361 |
| AhnLab V3 Security | PUP/Win32.SubShop | 2015.02.19 |
| Avira AntiVirus | ADWARE/SafeTerra.2225136.1 | 8.3.1.6 |
| AVG | Generic | 2017.0.2839 |
| Baidu Antivirus | Adware.Win32.SafeTerra | 4.0.3.1628 |
| Bitdefender | Adware.Kraddare.FO | 1.0.20.195 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Adkor.91 | 9.0.1.039 |
| Emsisoft Anti-Malware | Adware.Win32.Kraddare | 8.16.02.08.05 |
| ESET NOD32 | Win32/Adware.SafeTerra (variant) | 10.11475 |
| Fortinet FortiGate | Riskware/SafeTerra | 2/8/2016 |
| F-Secure | Adware.Kraddare.FO | 11.2016-08-02_2 |
| G Data | Adware.Kraddare.FO | 16.2.25 |
| K7 AntiVirus | Adware | 13.202.15594 |
| Malwarebytes | Adware.Korad | v2016.02.08.05 |
| McAfee | Artemis!AC1BFA870CF3 | 5600.6495 |
| MicroWorld eScan | Adware.Kraddare.FO | 17.0.0.117 |
| nProtect | Adware.Kraddare.FO | 15.04.14.01 |
| Reason Heuristics | PUP.yssoft (M) | 16.2.8.17 |
| Trend Micro House Call | ADW_KRADDARE | 7.2.39 |
| Trend Micro | ADW_KRADDARE | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42010 |
| ViRobot | Adware.DreamPrime.2206704 | 2011.4.7.4223 |

File size:
2.2 MB (2,267,120 bytes)

Product version:
1.0.0.1

Copyright:
wingad. All rights reserved.

Original file name:
wingad.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\roaming\simplix\wingad.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/18/2914 9:00:00 AM

Valid to:
4/18/2916 8:59:59 AM

Subject:
CN=yssoft, O=yssoft, L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7FB2D2278AC1A204482539F930E81A6C

File PE Metadata
Compilation timestamp:
1/20/2015 4:32:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:8VWAZOUp9VopACgq45hmcGRcUfIRzWNLoWaGk7/GxvI/UA4v:8VhZOUpvojgq45huRcUfua1o6k7/Gxvz

Entry address:
0x12D5D1

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 92, C9, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 0D, 1A, 10, E8, 10, 13, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 18, 1D, 1B, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 94, EC, 17, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.1823

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,402,880 bytes)
