wwww.exe

tot Application

亚数信息科技(上海)有限公司

The executable wwww.exe (“tot Microsoft Foundation Class Application”) has been detected as malware by 20 of 68 anti-virus scanners. It runs as a Windows service named “Ghijkl Nopqrstu Wxyabcde Ghij”.

Publisher:
亚数信息科技(上海)有限公司
Product:
tot Application

Description:
tot Microsoft Foundation Class Application

Version:
1, 0, 0, 1

MD5:
bb8d43e7640efe4bbbc507dec8be057c

SHA-1:
ae85b10eaded39892c6f882d9d740b64f7ccd259

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/20/2024 3:02:52 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2168650 | 383 |
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| Avira AntiVirus | TR/Injector.295264 | 7.11.212.80 |
| avast! | Win32:Agent-AWPU [Trj] | 2014.9-160118 |
| AVG | Inject2 | 2017.0.2861 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.16118 |
| Bitdefender | Trojan.GenericKD.2168650 | 1.0.20.90 |
| Dr.Web | Trojan.Inject1.52575 | 9.0.1.018 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2168650 | 8.16.01.18.06 |
| ESET NOD32 | Win32/Injector.BUQG (variant) | 10.11224 |
| Fortinet FortiGate | W32/BUQG!tr | 1/18/2016 |
| F-Secure | Trojan.GenericKD.2168650 | 11.2016-18-01_2 |
| G Data | Trojan.GenericKD.2168650 | 16.1.25 |
| IKARUS anti.virus | Trojan.Win32.Farfli | t3scan.1.8.6.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.799 |
| Malwarebytes | Trojan.Agent.ED | v2016.01.18.06 |
| McAfee | Artemis!BB8D43E7640E | 5600.6517 |
| MicroWorld eScan | Trojan.GenericKD.2168650 | 17.0.0.54 |
| Trend Micro House Call | Suspicious_GEN.F47V0217 | 7.2.18 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 37854 |

File size:
288.3 KB (295,264 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2004

Original file name:
tot.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (PRC)

Common path:
C:\Windows\System32\wwww.exe

Digital Signature
Authority:
TrustAsia Technologies, Inc.

Valid from:
5/19/2013 4:24:00 PM

Valid to:
5/19/2015 4:24:00 PM

Subject:
CN=亚洲诚信代码签名测试证书, O=亚数信息科技(上海)有限公司, L=上海市, S=上海市, C=CN

Issuer:
CN=TrustAsia Code Signing CA, O="TrustAsia Technologies, Inc.", C=CN

Serial number:
07

File PE Metadata
Compilation timestamp:
2/13/2015 3:24:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:hKyDcNDtGeadnBeffucUqhrRlXkMKHz37HnXZJmu0Rvuan6HyccMn:UUcKcl0MKLhln

Entry address:
0x8B7E

Entry point:
55, 8B, EC, 6A, FF, 68, D0, D8, 40, 00, 68, 34, 8D, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 58, 8D, 43, 00, 59, 83, 0D, 20, 74, 43, 00, FF, 83, 0D, 30, 74, 43, 00, FF, FF, 15, 54, 8D, 43, 00, 8B, 0D, 0C, 74, 43, 00, 89, 08, FF, 15, B0, 8D, 43, 00, 8B, 0D, 08, 74, 43, 00, 89, 08, A1, 64, 8D, 43, 00, 8B, 00, A3, 14, 74, 43, 00, E8, 34, 01, 00, 00, 39, 1D, 88, 71, 43, 00, 75, 0C, 68, 1E, 8D, 40, 00, FF, 15, 68, 8D...

Entropy:
6.1240

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
44 KB (45,056 bytes)

Service
Display name:
Ghijkl Nopqrstu Wxyabcde Ghij

Service name:
Ghijkl Nopqrstu Wxy

Description:
Ghijklmn Pqrstuvwx Abcdefg Ijklmnop Rst

Type:
Win32OwnProcess, InteractiveProcess
