wn.exe

The executable wn.exe has been detected as malware by 15 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘70b90c2927dd3ad33c50e5c1d51d9f1d’. This backdoor trojan may be used to conduct distributed denial-of-service attacks or to install additional trojans and other forms of malicious software, and it can steal sensitive information.

Version:
0.0.0.0

MD5:
822ef909d0e8d961c9933272c3032d63

SHA-1:
3530f90a888439243518b810c1f2d28ad2fde3f7

SHA-256:
88efcd1b492356d64fd1c2c0f5a50a7aaa5b6e90e241e11612b353ba587b556b

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/26/2024 8:24:01 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.367194 | 1017 |
| Avira AntiVirus | BDS/MSIL.Bladabindi.AA.6467 | 7.11.144.160 |
| Baidu Antivirus | Trojan.MSIL.Kryptik | 4.0.3.14424 |
| Bitdefender | Gen:Variant.Kazy.367194 | 1.0.20.570 |
| Dr.Web | Win32.HLLW.Autoruner.25074 | 9.0.1.0114 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.367194 | 8.14.04.24.06 |
| ESET NOD32 | MSIL/Kryptik.UD (variant) | 8.9703 |
| Fortinet FortiGate | MSIL/Kryptik.UD!tr | 4/24/2014 |
| F-Secure | Gen:Variant.Kazy.367194 | 11.2014-24-04_5 |
| G Data | Gen:Variant.Kazy.367194 | 14.4.24 |
| IKARUS anti.virus | Backdoor.MSIL | t3scan.1.6.1.0 |
| Malwarebytes | Backdoor.Bot | v2014.04.24.06 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AA | 1.10502 |
| MicroWorld eScan | Gen:Variant.Kazy.367194 | 15.0.0.342 |
| Panda Antivirus | Generic Malware | 14.04.24.06 |

File size:
441 KB (451,584 bytes)

Product version:
0.0.0.0

Original file name:
NJServer.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\wn.exe

File PE Metadata
Compilation timestamp:
4/20/2014 12:50:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:xdZwDrwSmH0J/kb5q37+1/GygOiDFG+Ju:xTFNx4/ygOYFG+

Entry address:
0x2E7AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BE, EF, 52, 53, 00, 00, 00, 00, 02, 00, 00, 00, 1C, 01, 00, 00, 1C, 00, 03, 00, 1C, CC, 02, 00, 52, 53, 44, 53, AD, E4, 06, CA, FF, 8D, 54, 4B, 9F, EB, B9, 3B, EA, 55...
 

Entropy:
6.1705

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
178 KB (182,272 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
70b90c2927dd3ad33c50e5c1d51d9f1d

Command:
"C:\users\{user}\appdata\local\temp\wn.exe"..

