DeleteWebkitCookie.exe

The executable DeleteWebkitCookie.exe has been detected as malware by 18 anti-virus scanners. While running, it connects to the Internet address 209-99-40-219.fwd.datafoundry.com on port 80 using the HTTP protocol.

Version:
0.0.0.0

MD5:
b00f6b284ab9857bf976c736c0755fa1

SHA-1:
512acc6627a984c2d2cf756efb4206c93f67300b

SHA-256:
48047ae3aa6f784b6990e8800ea427d5ef9018fe372a19a4b527e5e38faabd53

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
6/25/2025 3:13:28 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.156266 | 435 |
| AhnLab V3 Security | Malware/Win32.Generic | 2015.11.26 |
| Avira AntiVirus | TR/Dldr.Agent.55808.29 | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D2626A | 1.0.0.624 |
| Bitdefender | Gen:Variant.Zusy.156266 | 1.0.20.1655 |
| Dr.Web | Trojan.InstallCube.400 | 9.0.1.0331 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.156266 | 8.15.11.27.07 |
| ESET NOD32 | MSIL/Agent.QLD (variant) | 9.12626 |
| F-Secure | Gen:Variant.Zusy.156266 | 11.2015-27-11_6 |
| G Data | Gen:Variant.Zusy.156266 | 15.11.25 |
| IKARUS anti.virus | Trojan.MSIL.Agent | t3scan.1.9.5.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1058 |
| Malwarebytes | Trojan.Agent.MU | v2015.11.27.07 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Torwofun.B | 1.1.12300.0 |
| MicroWorld eScan | Gen:Variant.Zusy.156266 | 16.0.0.993 |
| Panda Antivirus | Trj/GdSda.A | 15.11.27.07 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Sophos | Mal/Generic-S | 4.98 |

File size:
54.5 KB (55,808 bytes)

Product version:
0.0.0.0

Original file name:
DeleteWebkitCookie.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\gemware\deletewebkitcookie.exe

File PE Metadata

Compilation timestamp:
11/25/2015 8:39:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:QKyc2P2tnlsb101oSrRAznoLKXeEU3xHwsOSz2Q8FjP02K7PhQuZiDovG+MvbSru:ec2Q0C1oSrRAznoLKXeEU3xHwsOSz2Qe

Entry address:
0xEE8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
52 KB (53,248 bytes)

The executable has been observed making the following network connection in live environments.

TCP (HTTP):
Connects to 209-99-40-219.fwd.datafoundry.com  (209.99.40.219:80)