» wnnru.exe
Overview
Analysis
File Details

wnnru.exe

Modeartikel

Ivan Yurievich Permyakov IP

The application wnnru.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

wnnru.exe

Publisher:

Ivan Yurievich Permyakov IP (signed and verified)

Product:

Modeartikel

Description:

Bombenbauers5

Version:

5.07.0008

MD5:

1c0a3c81ff4bb8e3a415de2e86bef4fb

SHA-1:

5232e410064ced6f7998ccceca30dda3902ceca5

SHA-256:

794beeb30ebf3e32fdc67806d162976d012c6a186c802a9f1baa268a6240c5be

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/24/2024 9:45:38 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.3.5.17

File size:

166.7 KB (170,656 bytes)

Product version:

5.07.0008

Fortzulassen

Trademarks:

Papierband

Original file name:

Landesfinanzamt8 Druckerbildern.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\wnnru.exe

Digital Signature

Signed by:

Ivan Yurievich Permyakov IP

Authority:

COMODO CA Limited

Valid from:

3/27/2012 2:00:00 AM

Valid to:

3/28/2013 12:59:59 AM

Subject:

CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str, 194-236", L=Ekaterinburg, S=Sverdlovskaya oblast, PostalCode=620144, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4A7C90ECFD30D2E76C561C688CF7613F

File PE Metadata

Compilation timestamp:

11/17/2014 6:53:38 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x10EC

Entry point:

68, 20, 90, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 2B, 77, BF, 34, 1E, FD, 53, 4C, A9, FF, 36, 82, A4, DE, F6, CD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 5C, 55, 73, 65, 72, 73, 4E, 65, 62, 65, 6E, 65, 69, 6E, 61, 6E, 64, 65, 72, 73, 63, 68, 61, 6C, 74, 65, 6E, 73, 35, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, CF, 5E, 39, A2, A4, 24, 95, 4E, 8E, 0B, 02, AF, 65, EC, B0, 70, CD, F1, BA, DD, A4, 7A, 5D, 4D, BF, 38, 4B, 4F, DD, 8E, 84, 58, 3A, 4F, AD... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

148 KB (151,552 bytes)

Remove wnnru.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.