wnz.exe

The executable wnz.exe has been detected as malware by 22 of 68 anti-virus scanners. It runs as a standalone Windows service named “wnz” (service type Win32OwnProcess, i.e. in its own process rather than inside a shared host process). According to AVG, this software downloads additional adware offers during setup; the engines that assign a family name agree on Adcurl (a trojan downloader) or the generic Graftor label, the rest are generic or heuristic verdicts. While running, it connects to anubisnetworks.com on TCP port 80 over HTTP.
MD5:
cf3e485e3d3d7ccab27b139d73b63e20

SHA-1:
c1758d4d043766bc92b541e5a2f5fd1cf8f7520e

SHA-256:
35705b4449a3e74bec35d34fa599d4cf03032e5e259564c48932f212fdc1a8aa

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/20/2024 4:17:10 AM UTC (date the page was generated; the engine versions listed below are from June 2015, the same day as the file's compilation timestamp, so the detections themselves come from the original 2015 scan)

Scan engine               Detection                                     Engine version
------------------------  --------------------------------------------  ----------------
Lavasoft Ad-Aware         Gen:Variant.Graftor.185318                    595
Agnitum Outpost           Trojan.DL.Adcurl                              7.1.1
AhnLab V3 Security        Trojan/Win32.Gen                              2015.06.19
Avira AntiVirus           TR/Dldr.Agent.417792.3                        8.3.1.6
Arcabit                   Trojan.Graftor.D2D3E6                         1.0.0.425
avast!                    Win32:Malware-gen                             2014.9-150619
AVG                       Downloader.Generic14                          2016.0.3073
Bitdefender               Gen:Variant.Graftor.185318                    1.0.20.850
Emsisoft Anti-Malware     Gen:Variant.Graftor.185318                    8.15.06.19.04
ESET NOD32                Win32/TrojanDownloader.Adcurl (variant)       9.11811
F-Secure                  Gen:Variant.Graftor.185318                    11.2015-19-06_6
G Data                    Gen:Variant.Graftor.185318                    15.6.25
IKARUS anti.virus         Trojan-Downloader.Win32.Adcurl                t3scan.1.9.5.0
K7 AntiVirus              Trojan-Downloader                             13.205.16298
Kaspersky                 UDS:DangerousObject.Multi.Generic             14.0.0.1862
Malwarebytes              Trojan.Downloader                             v2015.06.19.04
MicroWorld eScan          Gen:Variant.Graftor.185318                    16.0.0.510
NANO AntiVirus            Trojan.Win32.Agent.dredmf                     0.30.24.2086
Panda Antivirus           Trj/Genetic.gen                               15.06.19.04
Reason Heuristics         Threat.Win.Reputation.IMP                     15.6.19.12
VIPRE Antivirus           Trojan.Win32.Generic                          41268
Zillya! Antivirus         Trojan.Adcurl.Win32.1                         2.0.0.2237

File size:
408 KB (417,792 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\wnz.exe

File PE Metadata
Compilation timestamp:
6/19/2015 4:21:52 AM

OS version:
5.1 (minimum required OS from the PE optional header, i.e. Windows XP)

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0 (Microsoft Visual C++ 2013)

CTPH (ssdeep):
6144:0pBGDmIcRaFdBrWDlcXrcoWYeGqNSzM4pKmuvXEPMKrPnFe6VH:wMmyFXracXrcDNSwmusPMKrPn9VH

Entry address:
0x133B9

Entry point:
E8, FE, C1, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, A0, 42, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, E8, 24, 46, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, A0, 42, 46, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...

Entropy:
6.5602 (moderate; packed or encrypted executables usually score close to 8, so this is consistent with an unpacked binary whose code section makes up most of the file)

Code size:
317 KB (324,608 bytes)
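The fields shown under "File PE Metadata" all come from the COFF and PE32 optional headers, and the hashes above are the identifiers a responder actually matches on. The following is an added example, not tooling from the report or its publisher: a standard-library parser for those header fields, a whole-file entropy measure, and a hash comparison against the listed IoCs. A synthetic PE32 header is constructed inline so the script runs offline; the default header values and the IoC digests are the only data taken from the page, and the timestamp is assumed to be UTC.

```python
"""Added example (not part of the original report): pull the "File PE Metadata"
fields from a PE32 header with the standard library only, and compare a file's
hashes against the IoCs listed above. A synthetic header is built inline so the
script runs offline; only the hash and header values below come from the page."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Hashes listed in the report for wnz.exe.
WNZ_IOCS = {
    "md5": "cf3e485e3d3d7ccab27b139d73b63e20",
    "sha1": "c1758d4d043766bc92b541e5a2f5fd1cf8f7520e",
    "sha256": "35705b4449a3e74bec35d34fa599d4cf03032e5e259564c48932f212fdc1a8aa",
}
# Compilation timestamp from the report, taken as UTC (PE timestamps are epoch seconds).
WNZ_COMPILE_TS = int(datetime(2015, 6, 19, 4, 21, 52, tzinfo=timezone.utc).timestamp())
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}


def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_iocs(hashes: dict, iocs: dict = WNZ_IOCS) -> bool:
    """One matching digest is enough: all three identify the same bytes."""
    return any(hashes.get(alg) == digest.lower() for alg, digest in iocs.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8). Packed or encrypted files usually sit close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the COFF and PE32 optional header fields the report displays."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                              # COFF header is 20 bytes
    magic, maj_link, min_link, size_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)   # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # Subsystem
    return {
        "machine": hex(machine),
        "compile_time": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{maj_link}.{min_link}",
        "code_size": size_code,
        "entry_rva": entry_rva,
        "min_os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entropy": round(shannon_entropy(data), 4),
    }


def build_minimal_pe(timestamp, linker=(12, 0), size_code=0x4F400, entry=0x133B9,
                     os_ver=(5, 1), subsystem=3) -> bytes:
    """Constructed sample: DOS header + PE32 headers with no sections. Not runnable,
    just enough for parse_pe(); the defaults mirror the report's metadata."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)                      # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)  # i386, EXE, 0 sections
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, linker[0], linker[1], size_code)
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<HH", opt, 40, os_ver[0], os_ver[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_minimal_pe(WNZ_COMPILE_TS)
    for key, value in parse_pe(sample).items():
        print(f"{key:>15}: {value}")
    print("matches wnz.exe IoCs:", matches_iocs(file_hashes(sample)))
```

Run it against a real file by replacing `sample` with `open(path, "rb").read()`; `parse_pe` deliberately rejects PE32+ (64-bit) images, since the optional-header offsets past `SizeOfCode` differ there.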

Service
Display name:
wnz

Type:
Win32OwnProcess (SERVICE_WIN32_OWN_PROCESS, type 0x10: the service runs in its own process rather than inside a shared svchost.exe host)
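The service entry above, together with the common path C:\windows\wnz.exe, is the persistence a responder would hunt for on other hosts. The following is an added example, not tooling from the report or its publisher: it parses the text that `reg export HKLM\SYSTEM\CurrentControlSet\Services services.reg` produces, decodes the value forms regedit emits (including REG_EXPAND_SZ as `hex(2):` UTF-16LE), and flags own-process services whose binary sits outside the directories a service normally loads from. The `.reg` sample, the list of expected directories, and the assumption that the system root is C:\Windows are all constructed for this example.

```python
"""Added example (not the report's own tooling): hunt for the persistence shown in
the "Service" section by parsing a `reg export` of the Services key and flagging
own-process services whose ImagePath lies outside the usual system directories.
The .reg text below is constructed for this example."""
import re
from pathlib import PureWindowsPath

SERVICE_WIN32_OWN_PROCESS = 0x10    # Type bit for a service that runs in its own process
# Directories legitimate services normally load from (assumption made for this example).
EXPECTED_DIRS = ("c:\\windows\\system32", "c:\\program files", "c:\\program files (x86)")

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]
"Type"=dword:00000110
"Start"=dword:00000002
"ImagePath"="%SystemRoot%\\System32\\spoolsv.exe"
"DisplayName"="Print Spooler"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]
"Type"=dword:00000020
"ImagePath"="%SystemRoot%\\system32\\svchost.exe -k LocalServiceNetworkRestricted"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wnz]
"Type"=dword:00000010
"Start"=dword:00000002
"DisplayName"="wnz"
"ImagePath"=hex(2):43,00,3a,00,5c,00,77,00,69,00,6e,00,64,00,6f,00,77,00,73,00,5c,00,\
  77,00,6e,00,7a,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wnz\Parameters]
"Marker"=dword:00000001
"""


def decode_reg_value(raw: str):
    """Decode the value forms regedit exports: "string", dword:, and hex(N): byte lists.
    hex(2) is REG_EXPAND_SZ, stored as UTF-16LE with a terminating NUL."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)", raw)
    if m:
        data = bytes(int(h, 16) for h in m.group(2).split(",") if h.strip())
        return data.decode("utf-16-le").rstrip("\0") if m.group(1) == "2" else data
    return raw


def parse_services_reg(text: str) -> dict:
    """Return {service_name: {value_name: decoded_value}} for keys directly under Services."""
    services, current, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\"):              # regedit wraps long hex values with a trailing backslash
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            parts = line[1:-1].split("\\")
            lowered = [p.lower() for p in parts]
            current = None                   # subkeys such as Parameters are not services
            if "services" in lowered and len(parts) == lowered.index("services") + 2:
                current = parts[-1]
                services.setdefault(current, {})
        elif current and "=" in line:
            name, raw = line.split("=", 1)
            services[current][name.strip('"')] = decode_reg_value(raw)
    return services


def image_exe(image_path: str) -> str:
    """Extract the executable from an ImagePath, which may be quoted and carry arguments."""
    p = image_path.strip()
    exe = p[1:].split('"', 1)[0] if p.startswith('"') else p.split(" ", 1)[0]
    exe = re.sub(r"(?i)^\\\?\?\\", "", exe)                   # strip the \??\ NT prefix
    return re.sub(r"(?i)%systemroot%", r"C:\\Windows", exe)  # assumes the default system root


def suspicious_services(services: dict) -> list:
    """Own-process services whose binary is not under an expected directory."""
    findings = []
    for name, values in services.items():
        svc_type = values.get("Type")
        if not isinstance(svc_type, int) or not svc_type & SERVICE_WIN32_OWN_PROCESS:
            continue
        image = values.get("ImagePath")
        exe = image_exe(image) if isinstance(image, str) else ""
        if not exe:
            continue
        parent = str(PureWindowsPath(exe).parent).lower()
        if not parent.startswith(EXPECTED_DIRS):
            findings.append({"service": name, "display": values.get("DisplayName", ""), "image": exe,
                             "reason": "own-process service loading outside expected directories"})
    return findings


if __name__ == "__main__":
    for hit in suspicious_services(parse_services_reg(SAMPLE_REG)):
        print(hit)
```

Shared services (Type 0x20, hosted by svchost.exe) are skipped on purpose; they need a different check on the `ServiceDll` value under `Parameters`, which this example does not cover.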


The executing file has been observed making the following network communications in live environments.

TCP (HTTP):
Connects to anubisnetworks.com  (195.22.26.248:80)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.20:80)

Both destinations are known redirection endpoints rather than attacker infrastructure: AnubisNetworks operates a malware sinkhole at this address, and Barefruit provides NXDOMAIN (DNS error) redirection for ISPs. The downloader's original hostnames were therefore sinkholed or no longer resolvable when it was run and cannot be recovered from this record; the value of these indicators lies in identifying internal hosts that attempt the connection.
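Either destination in the proxy or DNS logs identifies the connecting host as a candidate infection, whatever the destination itself is today. The following is an added example, not tooling from the report or its publisher: it matches the two hostnames and two addresses above against web-proxy log lines, checking name and IP independently so that a connection made by raw IP, or one that resolved the name elsewhere, is still caught, and summarises hits per internal source. The log format (`ts src_ip method host:port dst_ip status`) and the sample lines are constructed for this example.

```python
"""Added example (not part of the report): match the network IoCs listed above
against web-proxy log lines and summarise which internal hosts contacted them.
The log format and the lines below are constructed for this example."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Destinations from the report's network section.
IOC_HOSTS = {"anubisnetworks.com", "unallocated.barefruit.co.uk"}
IOC_IPS = {"195.22.26.248", "92.242.140.20"}

SAMPLE_LOG = """\
2024-04-20T04:10:01Z 10.0.5.17 GET anubisnetworks.com:80 195.22.26.248 200
2024-04-20T04:10:03Z 10.0.5.17 GET www.example.com:443 93.184.216.34 200
2024-04-20T04:12:40Z 10.0.9.3 GET updates.example.org:80 203.0.113.10 304
2024-04-20T04:15:22Z 10.0.5.17 GET unallocated.barefruit.co.uk:80 92.242.140.20 200
2024-04-20T04:16:00Z 10.0.9.3 GET ANUBISNETWORKS.COM.:80 195.22.26.248 200
2024-04-20T04:17:10Z 10.0.5.17 CONNECT mail.example.com:443 198.51.100.7 200
this line is malformed and must be skipped
"""


def parse_line(line: str):
    """Parse one log line; return None for anything that does not fit the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, method, hostport, dst, status = parts
    host, _, port = hostport.rpartition(":")
    try:
        return {
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": ipaddress.ip_address(src),
            "method": method,
            "host": host.lower().rstrip("."),     # normalise case and trailing-dot FQDNs
            "port": int(port),
            "dst": ipaddress.ip_address(dst),
            "status": int(status),
        }
    except ValueError:
        return None


def match_ioc(rec: dict) -> list:
    """Indicators hit by this record; host and IP are checked independently."""
    reasons = []
    if rec["host"] in IOC_HOSTS:
        reasons.append(f"host:{rec['host']}")
    if str(rec["dst"]) in IOC_IPS:
        reasons.append(f"ip:{rec['dst']}")
    return reasons


def hunt(log_text: str) -> dict:
    """Per source address: hit count, first/last seen and the indicators matched."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "indicators": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = match_ioc(rec)
        if not reasons:
            continue
        entry = hits[str(rec["src"])]
        entry["count"] += 1
        entry["first"] = rec["ts"] if entry["first"] is None else min(entry["first"], rec["ts"])
        entry["last"] = rec["ts"] if entry["last"] is None else max(entry["last"], rec["ts"])
        entry["indicators"].update(reasons)
    return dict(hits)


if __name__ == "__main__":
    for src, info in hunt(SAMPLE_LOG).items():
        print(src, info["count"], info["first"], info["last"], sorted(info["indicators"]))
```

The first/last timestamps per source give the dwell window to correlate with the service install time from the host-side hunt; hosts that only reach the Barefruit address may also be producing ordinary DNS typos, so treat that indicator alone as weaker than the AnubisNetworks hit.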

Powered by Reason Core Security