» 184870.exe
Overview
Analysis
File Details

184870.exe

WebDevAZ Inc

The application 184870.exe by WebDevAZ Inc has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

184870.exe

Publisher:

WebDevAZ Inc (signed and verified)

MD5:

9922e1c7be5532bf6a98db711f87b8d2

SHA-1:

2b02441ab4197ac5a3da47d2d2c3020acd55a8a3

SHA-256:

60124413d9df727302fdc95184155bc25a7f7e27cf6dcd9318ff8d74a699d8c7

Scanner detections:

22 / 68

Status:

Potentially unwanted

Analysis date:

6/22/2025 6:57:19 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-Adware/Relevant.222448.B

2015.03.22

Avira AntiVirus

ADWARE/Adware.Gen

7.11.219.10

avast!

NSIS:Relevant-D [PUP]

2014.9-150522

AVG

RelevantKnowledge

2016.0.3101

Baidu Antivirus

Adware.Win32.RK

4.0.3.15522

Clam AntiVirus

W32S.Adware.RelevantKnowledge

0.98/21511

Comodo Security

TrojWare.Win32.Agent.~dgd

21490

Dr.Web

Adware.WebDevAz.3

9.0.1.0142

ESET NOD32

Win32/Adware.RK.AF

9.11357

Fortinet FortiGate

Riskware/RK

5/22/2015

G Data

Win32.Application.Agent.APIPDD

15.5.25

K7 AntiVirus

Adware

13.202.15338

Malwarebytes

Adware.Relevant

v2015.05.22.06

McAfee

Artemis!9922E1C7BE55

5600.6757

Microsoft Security Essentials

SoftwareBundler:Win32/ThemeXP

1.1.11400.0

Reason Heuristics

PUP.Installer.WebDevAZ

15.5.22.18

Rising Antivirus

PE:Trojan.Win32.Generic.12E6BACE!317110990

23.00.65.15520

Sophos

Generic PUA CL

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Adware

9859

Trend Micro House Call

TROJ_SPNR.3AJH13

7.2.142

Trend Micro

TROJ_SPNR.3AJH13

10.465.22

VIPRE Antivirus

Trojan.Win32.Generic

38646

File size:

217.2 KB (222,448 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\downloads\184870.exe

Digital Signature

Signed by:

WebDevAZ Inc

Authority:

GlobalSign nv-sa

Valid from:

12/8/2011 4:56:37 PM

Valid to:

1/7/2013 6:18:52 PM

Subject:

E=support@webdevaz.com, CN=WebDevAZ Inc, O=WebDevAZ Inc, L=Arizona, S=AZ, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121B1C69318C97BDCACC1595D074DB26445

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:pLk395hYXJpC++W+t++6+++++GKNn9uk9x/Qy4JwHB0kCJiidKcHknR1fmPm/g4x:pQqPSHrYy8UGkGiid7kGPm/g4IY

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Remove 184870.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.