home

wpc_sweet-page.exe

28_wpc

Skytouch Technology Co., Limited

The application wpc_sweet-page.exe by Skytouch Technology Co., Limited has been detected as adware by 13 anti-malware scanners. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from i1.proffiiget.in and multiple other hosts.
Publisher:
Skytech Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
28_wpc

Description:
Skytech

Version:
3.1.0.3357

MD5:
390ea85cc79fd6c37361b120dc8d324d

SHA-1:
8848172fe0b8273f14632c560161166b44bfc541

SHA-256:
15f16b65b21e85c92e12eea8e66fd17f5f980ed7dfc28da11909f1b253a16237

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/25/2024 6:30:36 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.130.188

avast!
Win32:Malware-gen
2014.9-140320

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.14226

Dr.Web
Adware.Mutabaha.44
9.0.1.057

Emsisoft Anti-Malware
Adware.Win32.AppInstall
8.14.03.20.02

ESET NOD32
Win32/ELEX (variant)
8.9464

Fortinet FortiGate
Riskware/Elex
2/26/2014

IKARUS anti.virus
Win32.Malware
t3scan.2.2.29

Malwarebytes
PUP.Optional.SkyTech.A
v2014.02.26.09

McAfee
Artemis!9CDEAD920A06
5600.7185

Reason Heuristics
PUP.SkytouchTechnologyCoLimited.O
14.3.20.14

Trend Micro House Call
TROJ_GEN.F47V0223
7.2.57

File size:
859.1 KB (879,768 bytes)

Product version:
3.1.0.3357

Copyright:
Skytech Copyright (C) 2013

Original file name:
Main.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wpc_sweet-page.exe

Digital Signature
Signed by:
Skytouch Technology Co., Limited

Authority:
GlobalSign nv-sa

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:6s+kAzi8GB0wWVCMVMxD/zZYXC/jJZjFGg9MYOZyujOmF:J+kUpCkCMVMzYXClLB/U

Entry address:
0x63E5C

Entry point:
E8, D5, CA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 94, 10, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 14, 75, 18, E8, F8, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, AA, 93, 00, 00, 83, C8, FF, E9, 93, 00, 00, 00, 8B, 7D, 0C, 56, 8B, 75, 10, 85, F6, 74, 19, 85, FF, 75, 15, E8, D1, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, 83, 93, 00, 00, 83, C8, FF, EB, 6E, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, F0, 77, 03...
 
[+]

Entropy:
5.8775

Code size:
534 KB (546,816 bytes)

The file wpc_sweet-page.exe has been seen being distributed by the following 2 URLs.

http://i1.proffiiget.in/.../wpc_sweet-page.exe

http://www.po114.us/hpnt/.../wpc_sweet-page.exe

Remove wpc_sweet-page.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.