» wwyh4.exe
Overview
Analysis
File Details

wwyh4.exe

tracking tracking rely database

affects years database

The application wwyh4.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

wwyh4.exe

Publisher:

affects years database

Product:

tracking tracking rely database

Version:

0.6.0.0

MD5:

a1a3291444e2fa713140a3589051413e

SHA-1:

cdf8e4300113a94e38e81017a3e3adbf6f1f95ea

SHA-256:

ec62d81b5a7397a87b6fc7168d31f8d9614beebe8f7547937dc78a6d2bc9c5f9

Scanner detections:

23 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/26/2024 7:42:47 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.105

919

AhnLab V3 Security

Adware/Win32.Agent

2014.07.24

Avira AntiVirus

ADWARE/Adware.Gen

7.11.164.30

avast!

Win32:Adware-gen [Adw]

140617-1

AVG

Adware Generic_r.QP

2014.0.3986

Bitdefender

Gen:Variant.Adware.Dropper.105

1.0.20.1060

Comodo Security

Application.Win32.Multiplug.R

18982

Dr.Web

Trojan.Crossrider.26348

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.105

8.14.07.31.11

ESET NOD32

Win32/AdWare.MultiPlug.AQ (variant)

8.10157

F-Secure

Gen:Variant.Adware.Dropper.105

11.2014-31-07_5

G Data

Gen:Variant.Adware.Dropper.105

14.7.24

IKARUS anti.virus

AdWare.EzDownloader

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.181.12819

Malwarebytes

PUP.Optional.Dropper

v2014.07.31.11

McAfee

PUP-FMU

5600.7053

MicroWorld eScan

Gen:Variant.Adware.Dropper.105

15.0.0.636

NANO AntiVirus

Trojan.Win32.Siggen6.dctceo

0.28.2.60990

nProtect

Adware.Dropper.T

14.07.27.01

Panda Antivirus

PUP/TSUploader

14.07.31.11

Reason Heuristics

Threat.Win.Reputation.IMP

14.7.31.11

Sophos

MultiPlug

4.98

VIPRE Antivirus

Threat.4150696

31208

File size:

224 KB (229,376 bytes)

Product version:

0.6.0.0

Original file name:

refer the

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wwyh4.exe

File PE Metadata

Compilation timestamp:

7/22/2014 8:00:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:eo0Q9bVZocuUbTL/3qKdU2RmipBY/uWDY+RUgT7v1NHv7qZs3hhQ:D0Q9RxPnDh3Y/lDYhmuC38

Entry address:

0x17D1E

Entry point:

E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, DE, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4349

Code size:

137.5 KB (140,800 bytes)

Remove wwyh4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.