home

wwesmackdownvsrawprimaoffic-dm.exe

The application wwesmackdownvsrawprimaoffic-dm.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts. While running, it connects to the Internet address 195.34.13.149.zylom.net on port 80 using the HTTP protocol.
MD5:
fde8e08fbc23917eb8171f9a0544a7db

SHA-1:
d503cc350cab6190f419714d6f0d17a8b1c40c44

SHA-256:
393490b62beb0cf1b6f87555943af1889d5d227c185452bcee0e7a33f6c8012a

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 10:04:18 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.Trymedia.Gen
7.1.1

AhnLab V3 Security
Win-Trojan/Trymedia.214016
2015.03.11

Avira AntiVirus
GAME/Dldr.TryMedia.Gen
7.11.215.236

AVG
GameDownloader.TryMedia
2016.0.2974

Clam AntiVirus
Adware.Downloader-11
0.98/21511

Comodo Security
ApplicUnwnt.Win32.Adware.Trymedia
21366

Dr.Web
Adware.TryMedia
9.0.1.0269

ESET NOD32
Win32/Adware.Trymedia potentially unwanted (variant)
9.11301

Fortinet FortiGate
Adware/Trymedia
9/26/2015

F-Prot
W32/Trymedia.B
v6.4.7.1.166

F-Secure
Trojan:W32/Agent.DSQZ
11.2015-26-09_7

G Data
Win32.Adware.Trymedia
15.9.25

K7 AntiVirus
Adware
13.200.15223

Malwarebytes
Adware.TryMedia
v2015.09.26.03

McAfee
Adware-TryMedia
5600.6630

NANO AntiVirus
Riskware.Win32.TryMedia.bgzwh
0.30.0.296

Qihoo 360 Security
Malware.Radar02.Gen
1.0.0.1015

Quick Heal
Win32.AdWare.Trymedia.b
9.15.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
15.9.26.15

Rising Antivirus
PE:AdWare.Win32.Trymedia.b!1075091020
23.00.65.15924

Sophos
TryMedia
4.98

SUPERAntiSpyware
Adware.TryMedia
9606

Total Defense
Win32/TryMedia!Adware
37.0.11488

Trend Micro House Call
ADW_TRYMEDIA.IF
7.2.269

Trend Micro
ADW_TRYMEDIA.IF
10.465.26

ViRobot
Trojan.Win32.Trymedia.212992[h]
2014.3.20.0

Zillya! Antivirus
Adware.Trymedia.Win32.2
2.0.0.2093

File size:
209 KB (214,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\wwesmackdownvsrawprimaoffic-dm.exe

File PE Metadata
Compilation timestamp:
4/19/2005 2:17:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:Cto2HyJt6oobhLgaMCLgfl8wofyNqPcJCHrJrUZVGv9fKZ+3jnHo3hQ1bWpbT6tl:CPHy/6TyaMCLgt8ty0O8lq7GE9o

Entry address:
0x1079D

Entry point:
55, 8B, EC, 6A, FF, 68, 58, 8B, 41, 00, 68, 4C, FD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, B8, 80, 41, 00, 33, D2, 8A, D4, 89, 15, 84, FC, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 80, FC, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 7C, FC, 41, 00, C1, E8, 10, A3, 78, FC, 41, 00, 6A, 01, E8, 73, 0F, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 3F, 0B, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
6.3759

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
84.5 KB (86,528 bytes)

The file wwesmackdownvsrawprimaoffic-dm.exe has been seen being distributed by the following 2 URLs.

http://software-files-a.cnet.com/s/software/10/73/39/.../WWESmackDownvsRAWPrimaOffic-dm.exe

http://files.downloadnow.com/s/software/10/73/39/.../WWESmackDownvsRAWPrimaOffic-dm.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 195.34.13.149.zylom.net  (149.13.34.195:80)

Remove wwesmackdownvsrawprimaoffic-dm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.