» wsock.exe
Overview
Analysis
File Details

wsock.exe

XYZCompany

The executable wsock.exe has been detected as malware by 12 anti-virus scanners.

File name:

wsock.exe

Publisher:

XYZCompany (signed and verified)

MD5:

dd95e6e1d64b279fca51cf8f5f7abf36

SHA-1:

22a2fa170c50ef38d73e6cffa3bc1bdddfc1fda7

SHA-256:

09bfe80900b4efe99a7384d4594164386e9dabf2dbb3ce9cc05376172825b496

Scanner detections:

12 / 68

Status:

Malware

Analysis date:

4/25/2024 8:07:11 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Agent.95112

7.11.123.138

avast!

Win32:Malware-gen

2014.9-140503

AVG

Generic29

2015.0.3486

Bkav FE

W32.Cloda1e.Trojan

1.3.0.4613

Clam AntiVirus

Win.Trojan.Agent-434941

0.98/18155

G Data

Win32.Trojan.Agent.C1E9NI

14.5.22

IKARUS anti.virus

Win32.Malware

t3scan.2.2.29

McAfee

Generic-FRAX!DD95E6E1D64B

5600.7142

Norman

Suspicious_Gen2.TXOQL

11.20140503

Rising Antivirus

PE:Trojan.Win32.Generic.1530805B!355500123

23.00.65.14501

VIPRE Antivirus

Trojan.Win32.Generic

25092

ViRobot

Trojan.Win32.Agent.95112

2011.4.7.4223

File size:

92.9 KB (95,112 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\common files\systemengines\wsock.exe

Digital Signature

Signed by:

XYZCompany

Authority:

Root Agency

Valid from:

11/18/2010 4:30:51 PM

Valid to:

12/31/2039 11:59:59 PM

Subject:

CN=XYZCompany

Issuer:

CN=Root Agency

Serial number:

DC8435DB0DA5DCAB4B41EF7CCB592471

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

1536:nEq5nUQcUnAYw3X+Aw3nOZx95G1eAPJMGqfhbgdK7IrIhtGjDXgQZZ2bIQkD:FnU1US+T3nox95G1eUJM/fhbgdKMrqtY

Entry address:

0x138B0

Entry point:

55, 8B, EC, B9, 05, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, B8, 20, 38, 41, 00, E8, BA, 1D, FF, FF, 33, C0, 55, 68, DC, 39, 41, 00, 64, FF, 30, 64, 89, 20, E8, EB, EF, FF, FF, 8D, 55, E4, 33, C0, E8, 55, F0, FE, FF, 8B, 45, E4, 8D, 55, E8, E8, A6, F9, FF, FF, 8B, 45, E8, E8, 22, FD, FF, FF, B8, FC, 58, 41, 00, E8, A0, 01, FF, FF, E8, D3, EF, FE, FF, 85, C0, 7E, 42, 89, 45, EC, C7, 05, F8, 58, 41, 00, 01, 00, 00, 00, FF, 35, FC, 58, 41, 00, 68, F0, 39, 41, 00, 8D, 55, E0, A1, F8, 58, 41, 00, E8, 0A, F0... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

75 KB (76,800 bytes)

Remove wsock.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.