hewrdiys.exe

Jewel Quest

Western Web Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application hewrdiys.exe by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Western Web Applications, LLC  (signed and verified)

Product:
Jewel Quest

Description:
JewelQuest

Version:
1.0.0.0

MD5:
9115f166f4cf71de822eaa54b1ad5f46

SHA-1:
4a509e83b8feb89c9b2ac37e1abb84787e9d3114

SHA-256:
4c947229d8d6cf7bc8520e4d3bacda60243daf866b57ddfe81ec4037977d358b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:56:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.11.8.8

File size:
48.8 KB (50,000 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Western Web Applications, LLC 2014

Original file name:
JewelQuest.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\dvehfuh\dat\hewrdiys.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/2/2014 7:00:00 PM

Valid to:
6/3/2015 6:59:59 PM

Subject:
CN="Western Web Applications, LLC", O="Western Web Applications, LLC", L=Del Mar, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2846A7B6FF6C3C84D2AC5AD12B664347

File PE Metadata
Compilation timestamp:
6/18/2014 5:46:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:MjO5Czbv9d2FMEi8KHyv4RXuTi9eyFcayRqOknd+:rCzjmME0yQFuyd88fnc

Entry address:
0xBF8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6500

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Remove hewrdiys.exe - Powered by Reason Core Security