dailywiki.exe

DailyWiki

The application dailywiki.exe by DailyWiki has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyWiki’. This file is typically installed with the program DailyWiki - DailyWiki for Desktop by DailyWiki.
Publisher:
DailyWiki  (signed and verified)

MD5:
e02652140ab7b3863060c5f16d5a70f3

SHA-1:
6a277e35d80404d9f4678171b018265807cd902b

SHA-256:
7abd5ac8902ec46454a3c40e7a41f9ac2b9d8dcb3e5438f53db4b4c71334d50b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 1:00:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DailyWiki (M)

Engine version:
16.2.28.20

File size:
45.8 MB (48,006,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 12:16:51 PM

Valid to:
9/16/2025 12:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
3/5/2015 4:51:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:uLJmRGIXff9keaayimwJZHM3SD3K4mNCesWePrumsEUF0pfkUD42R:utmRGIXff923imwJZMCDVVesWewFXUDL

Entry address:
0x1C996D1

Entry point:
E8, 9A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, 38, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, 38, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, 38, EC, 02, 02, 74, 21, 6A, 17, E8, A9, 21, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The file dailywiki.exe has been discovered within the following program.

About 4% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

