dailywiki.exe

DailyWiki

The executable dailywiki.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows, through the machine-wide Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name 'DailyWiki'. While running, it connects to the Internet address london-10.cdn77.com on port 443.
Publisher:
DailyWiki  (signed and verified; self-signed certificate, see Digital Signature below)

MD5:
a19760518f057fd0ef4c8c903122f066

SHA-1:
48a1fcc0e526d69fb914f89f71aa5908d3ea6fed

SHA-256:
47b3f702e54cde131784e834bd0ff4cd0a727349cd61d8d3f44125f333452fef

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 2:30:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.1.19

File size:
45.6 MB (47,851,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 11:16:51 AM

Valid to:
9/16/2025 11:16:51 AM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US  (identical to the subject: the certificate is self-signed and does not chain to a public CA, so the signature attests only that the file has not been modified since signing, not who the publisher is)

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/17/2017 11:17:08 AM

OS version (minimum required, from the PE header):
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A083

Entry point:
E8, 98, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, A7, 20, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 6A, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, 97, 24, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A7, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 14, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...

Entropy:
6.8803

Code size:
34.9 MB (36,637,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su
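The Run entry above lives in the machine-wide HKLM key but points into a single user's roaming profile, and the certificate in the Digital Signature section is self-signed. The following PowerShell script, added here as an example and not code from Reason Core Security or from DailyWiki, triages both points on a live host: it locates the 'DailyWiki' value in the Run keys, extracts the image path from the command, compares the file's SHA-256 with the hash reported on this page, and inspects the Authenticode signature to see whether the signer's subject equals its issuer. The value name and the expected SHA-256 are taken from the report; the extra WOW6432Node and HKCU keys are checked as a precaution and are an assumption, not something the report lists.

```powershell
# Added triage example (not from Reason Core Security or DailyWiki).
# Assumptions: the Run value name 'DailyWiki' and the SHA-256 below come from
# the report above; everything else is read from the host at run time.

$ExpectedSha256 = '47b3f702e54cde131784e834bd0ff4cd0a727349cd61d8d3f44125f333452fef'
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',             # All Users Run (as reported)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run', # 32-bit view on 64-bit hosts (assumed)
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'              # current user, for completeness (assumed)
)

function Get-DailyWikiRunEntry {
    # Return every Run key that carries a value named 'DailyWiki'.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        if ($props.PSObject.Properties.Name -contains 'DailyWiki') {
            [pscustomobject]@{ Key = $key; Command = $props.DailyWiki }
        }
    }
}

function Get-ExePathFromCommand([string]$Command) {
    # The reported command is '<path>\dailywiki.exe su'; drop the trailing
    # argument and any surrounding quotes to recover the image path.
    if ($Command -match '^\s*"?([^"]+?\.exe)"?(\s.*)?$') { return $Matches[1] }
    return $Command
}

function Test-DailyWikiFile([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Image not found: $Path"
        return
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # A self-signed certificate has subject == issuer; Get-AuthenticodeSignature
    # reports 'Valid' only when the chain ends in a root the host trusts.
    $subject = $null; $issuer = $null; $selfSigned = $null
    if ($cert) {
        $subject    = $cert.Subject
        $issuer     = $cert.Issuer
        $selfSigned = ($subject -eq $issuer)
    }

    [pscustomobject]@{
        Path        = $Path
        SizeBytes   = (Get-Item -LiteralPath $Path).Length
        Sha256      = $hash
        HashMatches = ($hash -eq $ExpectedSha256)
        SigStatus   = $sig.Status
        SigMessage  = $sig.StatusMessage
        Subject     = $subject
        Issuer      = $issuer
        SelfSigned  = $selfSigned
        Serial      = if ($cert) { $cert.SerialNumber } else { $null }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
    }
}

$entries = @(Get-DailyWikiRunEntry)
if (-not $entries) { Write-Host 'No DailyWiki Run entry present on this host.' }
foreach ($e in $entries) {
    Write-Host "Run entry in $($e.Key): $($e.Command)"
    $exe = Get-ExePathFromCommand $e.Command
    Test-DailyWikiFile $exe | Format-List
}
```

Run it from an elevated prompt so the HKLM keys and the other user's AppData path are readable. A HashMatches of True ties the host's copy to the sample analysed on this page; a SelfSigned of True with a non-Valid SigStatus is the expected outcome for the certificate shown above, and should not be read as vendor verification.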


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-nrt1.fbcdn.net  (31.13.82.7:443)

TCP (HTTP SSL):
Connects to text-lb.esams.wikimedia.org  (91.198.174.192:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.ir2.yahoo.com  (217.12.15.96:443)

TCP (HTTP SSL):
Connects to r2.ycpi.vip.tp2.yahoo.net  (124.108.101.11:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-nrt1.facebook.com  (31.13.82.36:443)

TCP (HTTP SSL):
Connects to edge-atlas-shv-01-nrt1.facebook.com  (31.13.82.2:443)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.jpa.yahoo.com  (119.161.4.32:443)

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP SSL):
Connects to upload-lb.esams.wikimedia.org  (91.198.174.208:443)

TCP (HTTP):
Connects to ec2-54-221-206-77.compute-1.amazonaws.com  (54.221.206.77:80)

TCP (HTTP):
Connects to ec2-54-197-233-136.compute-1.amazonaws.com  (54.197.233.136:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lht6.fbcdn.net  (157.240.1.23:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lhr3.fbcdn.net  (31.13.90.6:443)

TCP (HTTP SSL):
Connects to text-lb.ulsfo.wikimedia.org  (198.35.26.96:443)

TCP (HTTP SSL):
Connects to tag-direct.ams.contextweb.com  (74.214.194.86:443)

TCP (HTTP):
Connects to tacoda-atwola-prod-mtc-a.evip.aol.com  (64.12.235.98:80)

TCP (HTTP):
Connects to server-54-230-7-55.dfw3.r.cloudfront.net  (54.230.7.55:80)

TCP (HTTP SSL):
Connects to server-54-230-5-154.dfw3.r.cloudfront.net  (54.230.5.154:443)

TCP (HTTP SSL):
Connects to server-54-230-233-63.nrt12.r.cloudfront.net  (54.230.233.63:443)

Remove dailywiki.exe - Powered by Reason Core Security