wxdltfqzz.exe

Crime Watch

Mathematical Applications

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The application wxdltfqzz.exe by Mathematical Applications has been detected as adware by 6 anti-malware scanners. The file is typically installed with the program CrimeWatch by Mathematical Applications, which is a potentially unwanted software program. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Mathematical Applications  (signed and verified)

Product:
Crime Watch

Description:
CrimeWatch

Version:
1.0.0.0

MD5:
7d2392df53fd7263593bd7aa3dc9da1f

SHA-1:
c3bf4cfe35c787360ab88029adb78d0da8ef89fc

SHA-256:
c73f60f51e2e6505abe9873ae84a4adc57256a36bccfe7975e6e6932186c9715

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/20/2024 4:03:49 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Downloader | 2015.0.3253 |
| ESET NOD32 | MSIL/Adware.PullUpdate.G.gen (variant) | 8.10912 |
| IKARUS anti.virus | PUA.Downloader | t3scan.1.8.5.0 |
| Malwarebytes | PUP.Optional.CrimeWatch.A | v2014.12.22.08 |
| NANO AntiVirus | Trojan.Win64.Downware.dhdcgg | 0.28.6.64267 |
| Reason Heuristics | PUP.MathematicalApplications.J | 14.12.22.8 |

File size:
48.8 KB (49,992 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Mathematical Applications 2014

Original file name:
CrimeWatch.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\application data\zmohfuoe\dat\wxdltfqzz.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/26/2014 7:00:00 PM

Valid to:
10/27/2015 6:59:59 PM

Subject:
CN=Mathematical Applications, O=Mathematical Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79F6406432970C77D2FA7772E5EB6BDC

File PE Metadata
Compilation timestamp:
12/18/2014 6:10:01 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:9NUUO+SD0QYpn//sX7CuVRDqTfNJXMxCiXUH41FmpPYyYm:oblAQYpn/kDVRDqRJXMxRkHaNy

Entry address:
0xBF6E

Entry point:
48, A1, 00, 20, 00, 40, 00, 00, 00, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6466

Code size:
40 KB (40,960 bytes)

The file wxdltfqzz.exe has been discovered within the following program.

CrimeWatch  by Mathematical Applications
CrimeWatch (by Injekts Media, dba Mathematical Applications) is an ad-supported program that may deliver third-party advertisements in the form of coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links through means including but not limited to the content of any web page accessed, plug-ins, add-ons, or the browser itself.
88% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-16-174-255.eu-west-1.compute.amazonaws.com  (52.16.174.255:80)
