» hcwpwebcomponents.exe
Overview
Analysis
File Details
Downloads (1)

hcwpwebcomponents.exe

HCWP Web Components

The executable hcwpwebcomponents.exe, “HCWP Web Components Setup ” has been detected as malware by 11 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from chinnan123.dyndns.biz.

File name:

Product:

HCWP Web Components

Description:

HCWP Web Components Setup

Version:

3.0.4.14

MD5:

ea67f88bda136b787d5c54356e5c0a1a

SHA-1:

b7a5de8aef4fca686e282e360fd879f59d398a90

SHA-256:

00d2f287b2975bcca636287d80450e8feb005c41d53d64347d475ad0d3d0fcb2

Scanner detections:

11 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/15/2024 7:38:50 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Kukacka

160215-2

AVG

Win32/Sality

2015.0.4530

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

11.5.0.6191

ESET NOD32

Win32/Sality.NBA virus

8.0.319.0

F-Prot

W32/Sality.E.gen

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.215.846.0

Norman

Win32.Sality.3

29.02.2016 03:11:57

File size:

1 MB (1,065,952 bytes)

Product version:

3.0.4.14

File type:

Executable application (Win32 EXE)

Language:

Chinese (Simplified, PRC)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\hcwpwebcomponents.exe

File PE Metadata

Compilation timestamp:

6/20/1992 3:52:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:6/ZvcK1Pke9BC5k/QpRVKegMnMp52CWTtS6Dk1yn5ychS6v:sVv1PREa43VNgMMpMPXA1yn5ZA4

Entry address:

0x9978

Entry point:

60, 85, D1, 0F, A4, F5, 58, 0F, BE, D0, 89, FE, 0F, AB, FA, 68, 71, C5, E0, 00, 68, E4, 16, 85, 00, FF, C7, 0F, BD, F6, 0F, AD, F5, 69, CD, 77, A5, D6, D8, 03, D7, 81, C7, 4E, 7B, 52, 14, F7, D6, E8, 21, 00, 00, 00, D0, ED, F3, C0, D9, E7, 0F, BA, FE, 7B, C6, C1, CE, 81, C2, C8, D0, FD, FF, 69, F8, 50, 29, 1D, D0, D0, E0, 81, C2, 2D, 46, 02, 00, 81, E8, C6, 0C, B9, AA, 0F, AF, CA, 81, FF, 3D, A8, 00, 00, 73, 0C, 25, 1B, D4, 26, 45, 0F, A4, DB, 8F, 0F, BE, C7, F2, C1, D1, 65, 4A, 81, FD, 0D, 56, 00, 00, 5D... 
[+]

Entropy:

7.9802 (probably packed)

Code size:

36.5 KB (37,376 bytes)

The file hcwpwebcomponents.exe has been seen being distributed by the following URL.

http://chinnan123.dyndns.biz/.../HCWPWebComponents.exe

Remove hcwpwebcomponents.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.