dw_util.exe

ADV Publishing

The application dw_util.exe by ADV Publishing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ADV Publishing  (signed and verified)

MD5:
1b192561046d4020427dccc099569952

SHA-1:
19c499587f65e5b3dfc7d9a924c4b3d5694c5826

SHA-256:
ab17f023f1189f45447cd0959cc23c206fc090bd38b149d040859e6604491210

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:47:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ADVPubli (M)
16.7.8.13

File size:
183.3 KB (187,656 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\pclk\dw_util.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/13/2015 5:00:00 PM

Valid to:
9/20/2017 5:00:00 AM

Subject:
CN=ADV Publishing, O=ADV Publishing, L=West Hollywood, S=California, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D3EE7D0C318767DCA11A80A3452B8C4

File PE Metadata
Compilation timestamp:
7/7/2016 1:27:57 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:3m7ygeJrmgl1MeLLNBkgv/5oQC2mC9icPxqGXpl8aADbbyyRDk87/vW2pXwhKs5h:3YygArmgrNBkin1L8aAHOyRDrAEs5C6l

Entry address:
0x861C

Entry point:
E8, BC, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 53, 56, 6A, 17, E8, 1C, 6F, 01, 00, 85, C0, 74, 05, 8B, 4D, 08, CD, 29, 33, F6, 8D, 85, DC, FC, FF, FF, 68, CC, 02, 00, 00, 56, 50, 89, 35, AC, AE, 42, 00, E8, F5, 1B, 00, 00, 83, C4, 0C, 89, 85, 8C, FD, FF, FF, 89, 8D, 88, FD, FF, FF, 89, 95, 84, FD, FF, FF, 89, 9D, 80, FD, FF, FF, 89, B5, 7C, FD, FF, FF, 89, BD, 78, FD, FF, FF, 66, 8C, 95, A4, FD, FF, FF, 66, 8C, 8D, 98, FD, FF, FF, 66, 8C, 9D, 74, FD, FF, FF, 66, 8C, 85, 70, FD...
 
[+]

Entropy:
6.4644

Code size:
128 KB (131,072 bytes)

Remove dw_util.exe - Powered by Reason Core Security