» wot.exe
Overview
Analysis
File Details
Downloads (1)

wot.exe

Sharapova Svetlana Borisovna IP

The application wot.exe by Sharapova Svetlana Borisovna IP has been detected as a potentially unwanted program by 17 anti-malware scanners. The file has been seen being downloaded from dlc.moemails.ru.

File name:

wot.exe

Publisher:

Sharapova Svetlana Borisovna IP (signed and verified)

MD5:

882e7a23d2766da22e3183ed98cb4ee6

SHA-1:

cd4df54d053dd21baa3728463347321d3a709bd0

SHA-256:

81564fc2a3b90522fdb16c5305a77e14e4fc2f480460d2560a5bac735210856c

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 2:07:26 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Downloader.Gen

7.11.98.72

avast!

Win32:Downloader-UFC [PUP]

2014.9-131126

AVG

Win32/Cryptor

2014.0.3539

Bitdefender

Gen:Variant.Symmi.27719

1.0.20.1180

Comodo Security

TrojWare.Win32.Kryptik.AXJX

16831

Dr.Web

Trojan.LoadMoney.17

9.0.1.0236

Emsisoft Anti-Malware

Gen:Variant.Symmi.27719

8.13.08.24.02

ESET NOD32

Win32/LoadMoney.AG (variant)

7.8731

F-Secure

Gen:Variant.Symmi.27719

11.2013-24-08_7

G Data

Gen:Variant.Symmi.27719

13.8.22

IKARUS anti.virus

Win32.SuspectCrc

t3scan.2.0.127

K7 AntiVirus

Trojan

13.170.9394

Malwarebytes

Trojan.LoadMoney

v2013.11.26.01

McAfee

BackDoor-FBES!882E7A23D276

5600.7271

MicroWorld eScan

Gen:Variant.Symmi.27719

14.0.0.708

Panda Antivirus

Trj/Genetic.gen

13.11.26.01

Reason Heuristics

PUP.SharapovaSvetlanaBorisovnaIP.D

14.3.1.0

File size:

65.9 KB (67,512 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\wot.exe

Digital Signature

Signed by:

Sharapova Svetlana Borisovna IP

Authority:

COMODO CA Limited

Valid from:

8/1/2013 5:00:00 PM

Valid to:

8/2/2014 4:59:59 PM

Subject:

CN=Sharapova Svetlana Borisovna IP, O=Sharapova Svetlana Borisovna IP, STREET="kv.48, 4 2-ya Kabelnaya ul.", L=Moscow, S=Moscow, PostalCode=111024, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0080584AB080C86335D4EE2B102C022E24

File PE Metadata

Compilation timestamp:

8/23/2013 6:03:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

1536:BbDpaq0jEpaRU7aU9RcpziLX+Tt4yhOUvwrOSUN9PXqh:Bb1aNE6u3aziLX+TJhOUvwrhUN9Pa

Entry address:

0x1140

Entry point:

55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 84, D1, 40, 00, E8, C8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 18, C7, 04, 24, 01, 00, 00, 00, FF, 15, 84, D1, 40, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 53, 83, EC, 14, 8B, 45, 08, 8B, 00, 8B, 00, 3D, 91, 00, 00, C0, 77, 3B, 3D, 8D, 00, 00, C0, 72, 4B, BB, 01, 00, 00, 00, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 08, 00, 00, 00, E8, 07, 23, 00, 00, 83, F8, 01, 0F, 84, F1, 00, 00, 00, 85, C0... 
[+]

Entropy:

6.3032

Code size:

10 KB (10,240 bytes)

The file wot.exe has been seen being distributed by the following URL.

http://dlc.moemails.ru/download/7b676763293c3c77647e7f77613d61663c7476674c6b7e7f2c/7e7f61777a772e222127212a24202b2735757a7f764c7a772e/003a8813/.../wot.exe

Remove wot.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.