dailywiki.exe

DailyWiki

The executable dailywiki.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyWiki’. This file is typically installed with the program DailyWiki - DailyWiki for Desktop by DailyWiki.
Publisher:
DailyWiki  (signed and verified)

MD5:
6016aa601093d11cfeec21870d85c5da

SHA-1:
eefb8e2739ef43ae058150a9c66cf6a9bab8ac70

SHA-256:
9e6811e888d32f817f9456aa1a75a3e0358f647fe0a07b6a2e374779e18cefc7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 4:46:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.10.18

File size:
45.6 MB (47,825,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 12:16:51 PM

Valid to:
9/16/2025 12:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/17/2017 12:17:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A083

Entry point:
E8, 98, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, A7, 20, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 6A, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, 97, 24, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A7, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 14, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Code size:
34.9 MB (36,637,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyWiki

Command:
C:\users\{user}\appdata\roaming\dailywiki\dailywiki.exe su


The file dailywiki.exe has been discovered within the following program.

About 4% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to upload-lb.ulsfo.wikimedia.org  (198.35.26.112:443)

TCP (HTTP SSL):
Connects to text-lb.ulsfo.wikimedia.org  (198.35.26.96:443)

TCP (HTTP SSL):
Connects to unknown.telstraglobal.net  (210.176.156.45:443)

TCP (HTTP):

TCP (HTTP):
Connects to s-prd-pxl-adcom-scd-a.evip.aol.com  (152.163.13.6:80)

TCP (HTTP SSL):
Connects to upload-lb.esams.wikimedia.org  (91.198.174.208:443)

TCP (HTTP SSL):
Connects to text-lb.esams.wikimedia.org  (91.198.174.192:443)

TCP (HTTP):
Connects to tags.expo9.exponential.com  (204.11.109.78:80)

TCP (HTTP):
Connects to server-54-230-87-99.lax3.r.cloudfront.net  (54.230.87.99:80)

TCP (HTTP):
Connects to server-54-230-87-92.lax3.r.cloudfront.net  (54.230.87.92:80)

TCP (HTTP):
Connects to server-54-230-87-227.lax3.r.cloudfront.net  (54.230.87.227:80)

TCP (HTTP):
Connects to server-54-230-87-220.lax3.r.cloudfront.net  (54.230.87.220:80)

TCP (HTTP):
Connects to server-54-230-87-166.lax3.r.cloudfront.net  (54.230.87.166:80)

TCP (HTTP SSL):
Connects to server-54-192-84-79.lax3.r.cloudfront.net  (54.192.84.79:443)

TCP (HTTP SSL):
Connects to server-54-192-233-128.nrt12.r.cloudfront.net  (54.192.233.128:443)

TCP (HTTP SSL):
Connects to info200.121ware.com  (211.4.244.200:443)

TCP (HTTP):
Connects to ec2-54-197-238-140.compute-1.amazonaws.com  (54.197.238.140:80)

TCP (HTTP):
Connects to ec2-52-26-250-195.us-west-2.compute.amazonaws.com  (52.26.250.195:80)

TCP (HTTP SSL):
Connects to a23-9-162-186.deploy.static.akamaitechnologies.com  (23.9.162.186:443)

TCP (HTTP):
Connects to a23-215-100-58.deploy.static.akamaitechnologies.com  (23.215.100.58:80)

Remove dailywiki.exe - Powered by Reason Core Security