» wiupdat.exe
Overview
Analysis
File Details

wiupdat.exe

Bahninmaschini

Foxit Corporation

The executable wiupdat.exe has been detected as malware by 25 anti-virus scanners.

File name:

wiupdat.exe

Publisher:

Foxit Corporation

Product:

Bahninmaschini

Version:

5.01.0008

MD5:

57cc49a19ae124aa91f5149af174624e

SHA-1:

08790e2a6af9ee073782fcc20d7c2b09c96c49c8

Scanner detections:

25 / 68

Status:

Malware

Analysis date:

4/27/2024 2:25:32 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Zusy.99824

583

AhnLab V3 Security

Win-Trojan/MDA.140610

2014.07.22

Avira AntiVirus

TR/VB.Downloader.1477

7.11.163.86

avast!

Win32:VB-AIOP [Trj]

2014.9-150701

AVG

PSW.Agent

2016.0.3061

Baidu Antivirus

Trojan.Win32.Tofsee

4.0.3.1571

Bitdefender

Gen:Variant.Zusy.99824

1.0.20.910

Dr.Web

BackDoor.Tofsee.141

9.0.1.0182

Emsisoft Anti-Malware

Gen:Variant.Zusy.99824

8.15.07.01.11

ESET NOD32

Win32/Tofsee.AX

9.10134

Fortinet FortiGate

W32/Tofsee.AX!tr.bdr

7/1/2015

F-Secure

Gen:Variant.Zusy.99824

11.2015-01-07_4

G Data

Gen:Variant.Zusy.99824

15.7.24

Kaspersky

Backdoor.Win32.Tofsee

14.0.0.1800

Malwarebytes

Trojan.Dorkbot.ED

v2015.07.01.11

McAfee

RDN/Generic BackDoor!zc

5600.6717

Microsoft Security Essentials

Backdoor:Win32/Tofsee.F

1.10802

MicroWorld eScan

Gen:Variant.Zusy.99824

16.0.0.546

NANO AntiVirus

Trojan.Win32.Tofsee.dcjcqx

0.28.2.60990

Panda Antivirus

Trj/CI.A

15.07.01.11

Qihoo 360 Security

HEUR/Malware.QVM03.Gen

1.0.0.1015

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48

23.00.65.15629

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_GEN.R0CBH01GI14

7.2.182

VIPRE Antivirus

Trojan.Win32.Generic

31492

File size:

132 KB (135,168 bytes)

Product version:

5.01.0008

Original file name:

Spi.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\wiupdat.exe

File PE Metadata

Compilation timestamp:

7/16/2014 1:56:21 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:hgr5JyTWN5nkXj839EhZYktBRwCfpQjGK1t7zEOnQQ:he5JyTm5nA0qrQCc15Dn

Entry address:

0x11F0

Entry point:

68, E0, 63, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 2A, 7A, 29, A1, D7, 6A, 7F, 4A, B8, E3, E2, D1, 47, 17, B8, 0D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 63, 74, 45, 78, 20, 2D, 42, 65, 66, 72, 65, 69, 75, 6E, 67, 73, 64, 65, 6E, 6B, 6D, 61, 6C, 00, 29, 2C, 20, 34, 30, 39, 00, 00, 00, 00, FF, CC, 31, 00, 06, FD, EC, 9F, E8, 3C, 10, 05, 45, A6, B0, C5, A9, A2, DB, 6A, 73, D8, 19, C6, 2A, CD, 79, 3A, 40, AB, D4, 25, D7, CA, 7B, 0E, EC, 3A, 4F, AD... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

116 KB (118,784 bytes)

Remove wiupdat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.