dailywiki.exe

DailyWiki

The application dailywiki.exe by DailyWiki has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyWiki’. This file is typically installed with the program DailyWiki - DailyWiki for Desktop by DailyWiki. While running, it connects to the Internet address text-lb.esams.wikimedia.org on port 443.
Publisher:
DailyWiki  (signed and verified)

MD5:
605919b2f0b07aed93484e87d26b3b98

SHA-1:
182b8624c27de26f2e4e3ec177650f238fc4e0be

SHA-256:
99b1b50cfa992962d7fdd06f38c7e50e64b9f9cde7aa80ee85bde7408e643983

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 6:08:15 AM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DailyWik (M)
16.6.30.13

File size:
47.9 MB (50,242,120 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 4:46:51 PM

Valid to:
9/16/2025 4:46:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 10:13:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:euK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQpAXcw3:nwC64r1c6ZgnUSrLpbUAdBUQq6/BLFAj

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.9679

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The file dailywiki.exe has been discovered within the following program.

About 4% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
