dailywiki.exe

DailyWiki

The executable dailywiki.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyWiki’. This file is typically installed with the program DailyWiki - DailyWiki for Desktop by DailyWiki.
Publisher:
DailyWiki  (signed and verified)

MD5:
084c47210cef275817abec070fb4545c

SHA-1:
e53b1851e7c65e2b78d36b3eec945f56ee874cd6

SHA-256:
9d0baf208d022be76625dc898ecab3653af319b2183e36a21f843d404fbc0add

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 4:32:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.31.16

File size:
47.9 MB (50,242,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 12:16:51 PM

Valid to:
9/16/2025 12:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 4:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:NuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQpzvle2:AwC64r1c6ZgnUSrLpbUAdBUQq6/BLFzJ

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The file dailywiki.exe has been discovered within the following program.

About 4% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

