fwxbsrq1vb72.exe

WAT Software Rotterdam

The application fwxbsrq1vb72.exe by WAT Software Rotterdam has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named DealPly under the Windows Task Scheduler, triggered daily at a specified time.
Publisher:
yuJGCWrEVPY  (signed by WAT Software Rotterdam)

Description:
UKIDtxGANJtG.exe

Version:
6.1.378.2992

MD5:
a6469b7d3a39319b9522e2ff18e2e805

SHA-1:
83969508f08392c1bc8720a3bb0f5bdaaa6774da

SHA-256:
7400c863ad4232b92139239c1abd03c9392d6e78bc92353a3f07533989851267

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:41:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Dealply (M)

Engine version:
16.2.23.3

File size:
346.6 KB (354,896 bytes)

Product version:
6.1.378.2992

Copyright:
Copyright (C) 2008-2014 AJgMbOwaBEVRyhekbIN htDFhRCN3EjcX1sQxs

Original file name:
Build.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\csillzc\fwxbsrq1vb72.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/15/2014 12:00:00 AM

Valid to:
7/15/2015 11:59:59 PM

Subject:
CN=WAT Software Rotterdam, O=WAT Software Rotterdam, STREET=Zestienhovensekade 197, L=Rotterdam, S=Zuid Holland, PostalCode=3043KM, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5182E5B24A4BCE268960C54B36E71D02

File PE Metadata
Compilation timestamp:
4/8/2015 12:48:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:1tiNlClbFxi090qOeV4b83aw8nXXQloimzzDwLPxXJ5/B6/BhCj0ix:biCY09h7sgawiXXg476DZ6p0j0+

Entry address:
0x5550E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
333.5 KB (341,504 bytes)

Scheduled Task
Task name:
DealPly

Trigger:
Daily (Runs daily at 00:24)

