» wtcloader.exe
Overview
Analysis
File Details

wtcloader.exe

NesterSoft Inc.

File name:

wtcloader.exe

Publisher:

NesterSoft Inc. (signed and verified)

MD5:

a5f29084bf7e0c7910dc0b6ff1b37fe1

SHA-1:

db1f874f6d9d5f88b54920f406601ca67b574bd5

SHA-256:

d7c357be40baee98e1040fabbc1c958f0a613606d5b9257477f10485ebe80ab1

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 7:49:27 AM UTC (today)

Scan engine

Detection

Engine version

Qihoo 360 Security

HEUR/Malware.QVM05.Gen

1.0.0.1015

File size:

55.7 KB (57,040 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\wtc\wtcloader.exe

Digital Signature

Signed by:

NesterSoft Inc.

Authority:

COMODO CA Limited

Valid from:

12/10/2012 3:30:00 AM

Valid to:

12/11/2017 3:29:59 AM

Subject:

CN=NesterSoft Inc., O=NesterSoft Inc., POBox=12303, STREET=5100 Rutherford Rd, L=Woodbridge, S=ON, PostalCode=L4H 2T3, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A056C463A4EC17466BB9FACD80ED8606

File PE Metadata

Compilation timestamp:

6/20/1992 2:52:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

768:Ave6oqT1sz/NwLOKgkJAKh1KgM8ftVlrc8erVePLeQ+69Q24f6tKOs7GwRZxhTxb:AmfqT1sgKCvreQlQ64O8DRHhTt

Entry address:

0xA050

Entry point:

55, 8B, EC, B9, 07, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, B8, C8, 9F, 40, 00, E8, 6B, A8, FF, FF, 33, C0, 55, 68, 6A, A2, 40, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, 33, C0, E8, D3, 86, FF, FF, 8B, 45, E8, 8D, 4D, EC, BA, 80, A2, 40, 00, E8, 53, B8, FF, FF, 8B, 55, EC, A1, D4, B3, 40, 00, E8, 22, 99, FF, FF, B8, 90, A2, 40, 00, E8, A4, FA, FF, FF, 8D, 45, E4, E8, EC, FC, FF, FF, 8B, 55, E4, B8, 6C, C8, 40, 00, B9, A0, A2, 40, 00, E8, 66, 9B, FF, FF, A1, 6C, C8, 40, 00, E8, 48, FE, FF, FF, DD, 1D, 70, C8... 
[+]

Entropy:

6.5122

Developed / compiled with:

Microsoft Visual C++

Code size:

37 KB (37,888 bytes)

Scan wtcloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.