home

cveixwi.exe

VuuPC

VuuPC Limited

The application cveixwi.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from download-ap.com.
Publisher:
VuuPC Limited

Product:
VuuPC

Description:
VuuPC Setup

Version:
1.0.0.270

MD5:
59586dee6d673f41bef0bd3731bed592

SHA-1:
f1366254dedb153e1acd46ab95044a7c1eb5a81f

SHA-256:
dead3569364cacba2e99e8fcf7a8046dc952846e4980e934a4360989e1736ee3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:14:00 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.VuuPC (M)
16.3.28.22

File size:
500.5 KB (512,466 bytes)

Product version:
1.0.0.270

Copyright:
Copyright 2012

Trademarks:
VuuPC is a trademark of VuuPC Limited

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\cveixwi.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Fe+Mg78dRnzWlY4+dFjJffZmzrFxxwkHTDYctgc/LA2BnZwUjVi+qupf2+NXGHas:PQHni3cTfwzrFvZHgxOZtlvXG6Fidmbq

Entry address:
0x5A000

Entry point:
90, 90, BB, 26, A3, 14, 01, 90, BE, 18, A0, 45, 00, BA, 98, 05, 00, 00, 31, 1C, 32, 83, EA, 04, 90, 90, 75, F6, CE, DE, 15, 01, 26, A3, 14, 01, 26, A3, 54, 01, DC, 93, 14, 01, 2A, B8, 11, 01, F4, 82, 11, 01, 26, 13, 16, 01, D9, 5C, EB, FE, 46, D3, 54, 01, B6, DA, 54, 01, 84, DA, 54, 01, E2, C4, 14, 01, A8, DA, 14, 01, 86, DA, 14, 01, 46, C1, 14, 01, A8, DA, 14, 01, 86, DA, 14, 01, 26, A3, 14, 01, 26, A3, 14, 01, 26, A3, 14, 01, 26, A3, 14, 01, F2, D3, 54, 01, 26, A3, 14, 01, 26, A3, 14, 01, 26, A3, 14, 01...
 
[+]

Code size:
23.5 KB (24,064 bytes)

The file cveixwi.exe has been seen being distributed by the following URL.

http://download-ap.com/.../count_vcl.php

Remove cveixwi.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.