home

DwNetFilter.exe

Dr.Web

Doctor Web Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from people.drweb.com.
Publisher:
Doctor Web, Ltd.  (signed by Doctor Web Ltd.)

Product:
Dr.Web ®

Description:
Net filtering service

Version:
10.1.0.12091

MD5:
de0826b8813677719c62e882a116f0d2

SHA-1:
370a349beb0929d8d9d7b5a37181b11e0302ed23

SHA-256:
ac93329511e42a9ee37693834b55ba363f10554e0bdd43f747d94a04e61f423a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 1:40:08 PM UTC  (today)

File size:
4.2 MB (4,385,936 bytes)

Product version:
10.1.0.12091

Copyright:
Copyright © Doctor Web, Ltd., 1992-2014

Original file name:
DwNetFilter.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dwnetfilter.exe

Digital Signature
Signed by:
Doctor Web Ltd.

Authority:
VeriSign, Inc.

Valid from:
10/3/2014 4:00:00 AM

Valid to:
10/28/2017 3:59:59 AM

Subject:
CN=Doctor Web Ltd., O=Doctor Web Ltd., L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71A10027F8F21C10217E9B652A3D60DC

File PE Metadata
Compilation timestamp:
12/9/2014 6:05:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:bryAkplqoR7vAGeJoMKGhU7OxYnx7Sj4ZLzcbTIYEKl420hb2MJn:5AqeARMGheEYndPZLzcO

Entry address:
0x15190

Entry point:
51, E8, F4, DF, 22, 00, 68, 30, 51, 41, 00, FF, 15, 88, E2, 71, 00, 68, 14, 9C, 73, 00, FF, 15, 90, E2, 71, 00, 85, C0, 74, 29, 68, 30, 9C, 73, 00, 50, FF, 15, AC, E1, 71, 00, 85, C0, 74, 19, 8D, 0C, 24, 51, 6A, 05, 68, 4C, 9C, 73, 00, 50, FF, 15, 94, E1, 71, 00, 50, FF, 15, 8C, E2, 71, 00, 83, C4, 04, E9, E5, E1, 22, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, E4, F8, 51, 53, 56, 57, 8B, F8, 8B, 77, 08, 8B, 4E, 18, 8B, 47, 04, 2B, 4E, 14, 8B, 17, 33, DB, 3B, C3, 77, 23...
 
[+]

Code size:
3.1 MB (3,260,928 bytes)

The file DwNetFilter.exe has been seen being distributed by the following URL.

http://people.drweb.com/people/yudin/private/public/netfilter/test_delay/.../dwnetfilter.exe

Scan DwNetFilter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.