» WRGet.exe
Overview
Analysis
File Details
Behaviors (1)

WRGet.exe

WebResearch

macropool GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WebResearchStartupInit’.

File name:

WRGet.exe

Publisher:

macropool GmbH (signed and verified)

Product:

WebResearch

Description:

WebResearch Saving

Version:

3.10.0852

MD5:

86b2b7387e16f481337d0bdadcec9cda

SHA-1:

0f8fa3dc5c83989775afc0319217e6633a71ad0d

SHA-256:

6397371af2ef721f49906b162996b3eac81494c33d6e6f7e8170ab64a8592fe7

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 6:34:08 AM UTC (today)

File size:

141.5 KB (144,936 bytes)

Product version:

3.10.0852

Original file name:

WRGet.exe

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\Program Files\webresearch\wrget.exe

Digital Signature

Signed by:

macropool GmbH

Authority:

Thawte, Inc.

Valid from:

4/14/2013 5:00:00 PM

Valid to:

4/15/2014 4:59:59 PM

Subject:

CN=macropool GmbH, OU=SECURE APPLICATION DEVELOPMENT, O=macropool GmbH, L=Weiden i.d.Opf., S=Bayern, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

27E1271F681F9EC9646874E37D7AE8D8

File PE Metadata

Compilation timestamp:

12/2/2013 2:25:22 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

3072:VNjCME/qEsDy1SU3MoZUo5hYAtWRN+9EV+:VNeMElsDHUCo5WAt9W+

Entry address:

0x2038

Entry point:

68, A8, 22, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 38, 00, 00, 00, 3A, 52, 3E, 8A, 15, 72, D7, 4A, 9E, F5, EB, 1F, CB, 27, 7C, 1B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 57, 52, 47, 65, 74, 00, 00, 00, 57, 65, 62, 20, 52, 65, 73, 65, 61, 72, 63, 68, 20, 53, 61, 76, 69, 6E, 67, 22, 20, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, 98, 9B, BA, FC, 24, 6F, 04, 48, AC, EE, 84, 6D, 4B, 9D, D6, D2, 6D, 89, AE, 83, 1B, 6A, D3, 40, AE, 46, 67... 
[+]

Entropy:

5.6136

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

104 KB (106,496 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WebResearchStartupInit

Command:

"C:\Program Files\webresearch\wrget.exe" \startupcheck

Scan WRGet.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.