» wuu_utiltop.exe
Overview
Analysis
File Details

wuu_utiltop.exe

POSTMEDIA Co.,Ltd

The application wuu_utiltop.exe by POSTMEDIA Co.,Ltd has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

File name:

wuu_utiltop.exe

Publisher:

POSTMEDIA Co.,Ltd (signed and verified)

MD5:

9b8be59d235fdade7c6ec0abdf443900

SHA-1:

06a20fa7abdde65c7a2fe17f0ad3fbecc64f538b

SHA-256:

08bc53a728c81f5deb14f1daa6aa5e0d4ef7681f6ca0d40a967981b7f5bcd6a6

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

4/25/2024 9:08:06 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Adkor.45

9.0.1.0302

Malwarebytes

Adware.KorAd

v2015.10.29.06

McAfee

Artemis!09425C938407

5600.6597

NANO AntiVirus

Trojan.Win32.Generic.csnygm

0.30.0.65070

Reason Heuristics

PUP.POSTMEDIA.Installer (M)

15.10.29.18

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

File size:

1.1 MB (1,118,144 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\roaming\microsoft\windows\templates\wuu_utiltop.exe

Digital Signature

Signed by:

POSTMEDIA Co.,Ltd

Authority:

Thawte, Inc.

Valid from:

10/15/2012 8:00:00 PM

Valid to:

1/15/2015 6:59:59 PM

Subject:

CN="POSTMEDIA Co.,Ltd", OU=Dev Team, O="POSTMEDIA Co.,Ltd", L=Nam-gu, S=Busan, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

1A0F99EE00FE980DD6E95535BDC8BB31

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:52 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:5kY9Y6d+B1oC+ueNmwEhvfxyDLEnZKJ9jo2ThjZ79SeKiBbJd5A8lbJd5A8x:d9Y6chiN0fxy3EnZKJ9joIp9SeHBbSwF

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9846

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove wuu_utiltop.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.