» wow_helper.exe
Overview
Analysis
File Details

wow_helper.exe

Lyoness Cashback AG

The application wow_helper.exe by Lyoness Cashback AG has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

wow_helper.exe

Publisher:

Lyoness Cashback AG (signed and verified)

MD5:

e26915b3a8b41c45e24eddfa958a7d69

SHA-1:

25a03b960e8132a0303773e06c2d175dd839d1fe

SHA-256:

2f36388dfdfe5a6da872879d7131a5521a585a0b792a87e610e3b032506a52e8

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 12:46:23 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.LyonessC (M)

16.5.19.10

File size:

71.1 KB (72,792 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\lyoness browser\temp\source4660_9772\chrome-bin\wow_helper.exe

Digital Signature

Signed by:

Lyoness Cashback AG

Authority:

GlobalSign nv-sa

Valid from:

10/21/2013 6:07:04 PM

Valid to:

10/21/2016 6:07:04 PM

Subject:

E=domainadmin@lyoness.ag, CN=Lyoness Cashback AG, O=Lyoness Cashback AG, L=Graz, S=Styria, C=AT

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121966E6F40865E27DA6418F77DA28077D3

File PE Metadata

Compilation timestamp:

2/3/2009 8:16:59 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

1536:Cf77+031ru/qpap4qUqm+rIqRqEp+85LQyiQ:WWo1/op4qUqfrIkb+aLQs

Entry address:

0x2430

Entry point:

48, 83, EC, 28, E8, E7, 45, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 60, 48, 8B, 05, B3, 9E, 00, 00, 48, 8B, DA, 48, 8D, 54, 24, 20, 48, 89, 02, 48, 8B, 05, A9, 9E, 00, 00, 48, 89, 42, 08, 48, 8B, 05, A6, 9E, 00, 00, 48, 89, 42, 10, 48, 8B, 05, A3, 9E, 00, 00, 48, 89, 42, 18, 48, 8B, 05, A0, 9E, 00, 00, 48, 89, 42, 20, 48, 8B, 05, 9D, 9E, 00, 00, 48, 89, 42, 28, 48, 8B, 05, 9A, 9E, 00, 00, 48, 89, 42, 30, 48, 8B, 05, 97, 9E, 00... 
[+]

Code size:

42 KB (43,008 bytes)

Remove wow_helper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.