wps office free 2014 formerly kingsoft office suite setup.exe

WeDownload, Ltd

The application wps office free 2014 formerly kingsoft office suite setup.exe by WeDownload has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Midia Downloader installer. The file has been seen being downloaded from kingsoft-office-free.free-games.us.com.
Publisher:
WeDownload, Ltd  (signed and verified)

MD5:
f0298eac0c03c0c378e191ceb4475b72

SHA-1:
68c924aba285498dc354b3b1b54e921c960ff44a

SHA-256:
1490c5eccb277e895e470d2e4162182770b17b962e3436d6a1199e8fe0bda520

Scanner detections:
32 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/5/2024 5:56:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Trojan.Generic.11968738 | 6406231 |
| Agnitum Outpost | PUA.DL.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DownloadManager | 2014.11.22 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.188.20 |
| avast! | Downloader-TOV [PUP] | 150203-1 |
| AVG | Wedownload | 2016.0.3201 |
| Bitdefender | Dropped:Trojan.Generic.11968738 | 1.0.20.215 |
| Clam AntiVirus | Win.Trojan.Dropped-1550 | 0.98/19741 |
| Comodo Security | UnclassifiedMalware | 20153 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.11968738 | 9.0.0.4799 |
| ESET NOD32 | MSIL/Soft32Downloader.C potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/Fakromup.I!tr | 2/12/2015 |
| F-Secure | Dropped:Trojan.Generic.11968738 | 5.13.68 |
| G Data | Dropped:Trojan.Generic.11968738 | 15.2.24 |
| IKARUS anti.virus | Trojan.MSIL.Fakromup | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.185.14098 |
| Kaspersky | not-a-virus:Downloader.NSIS.Agent | 15.0.0.543 |
| McAfee | Trojan.Artemis!AF74F136D170 | 16.8.708.2 |
| MicroWorld eScan | Dropped:Trojan.Generic.11968738 | 16.0.0.129 |
| NANO AntiVirus | Trojan.Win32.Fakromup.dgyxwu | 0.28.6.63474 |
| Norman | Dropped:Trojan.Generic.11968738 | 02.01.2015 13:58:24 |
| nProtect | Trojan/W32.Agent.573368 | 14.11.21.01 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Quick Heal | Trojan.MSI.r3 | 2.15.14.00 |
| Reason Heuristics | PUP.Installer.WeDownload | 15.2.12.0 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Fakromup | 10059 |
| Trend Micro House Call | TROJ_GE.98D3C9C2 | 7.2.43 |
| Trend Micro | TROJ_GE.98D3C9C2 | 10.465.12 |
| Vba32 AntiVirus | Signed-AdWare.WeDownload | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 34948 |
| Zillya! Antivirus | Trojan.Fakromup.Win32.2 | 2.0.0.2051 |

File size:
559.9 KB (573,368 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Midia Downloader (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\wps office free 2014 formerly kingsoft office suite setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/5/2013 7:00:00 PM

Valid to:
2/11/2016 7:00:00 AM

Subject:
CN="WeDownload, Ltd", O="WeDownload, Ltd", L=Nicosia, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0320C5B8F7CE6E92D3665598826A4480

File PE Metadata
Compilation timestamp:
5/11/2014 4:03:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:RPwMDD10JLlX4plVF664qrsXvVNgTob5itLXvo9jyISJd1/dnee2f:1t909K/VF4qrW7CFXvoxbWz/Jee2f

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, E4, 42, 00, E8, 95, 2D, 00, 00, A3, A4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 87, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, DB, 42, 00, E8, 3F, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 2D, 2A...
 

Entropy:
7.9119

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file wps office free 2014 formerly kingsoft office suite setup.exe has been seen being distributed by the following URL.