lwf54xb3.exe

webplugin

The file lwf54xb3.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The file has been seen being downloaded from 192.168.1.99 and multiple other hosts.
Product:
webplugin

Version:
3, 1, 0, 260043

MD5:
ba7d4d480a2c5cfdc343dd6dfb3f316c

SHA-1:
91366f77c108b1d5bb6bd718bc8473211435d7fd

SHA-256:
7cccade46c315fd305863a338d8eaf0e4cda18bccd51c7d49e10260dd5dee612

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 7:11:13 PM UTC

Scan engine         Detection                                   Engine version
Agnitum Outpost     Trojan.Strictor                             7.1.1
Avira AntiVirus     TR/Strictor.1048576.23                      8.3.1.6
avast!              Win32:Malware-gen                           2014.9-150824
Baidu Antivirus     Adware.Win32.Graftor                        4.0.3.15824
Bkav FE             W32.Clodea7.Trojan                          1.3.0.7062
IKARUS anti.virus   Win32.SuspectCrc                            t3scan.1.9.5.0
K7 AntiVirus        Riskware                                    13.2016908
Kaspersky           not-a-virus:RiskTool.Win32.HiddenInstall    14.0.0.1534
McAfee              RDN/Generic.cf!a                            5600.6664
Panda Antivirus     Trj/Chgt.O                                  15.08.24.06
Trend Micro         TROJ_GEN.R01TC0EFC15                        10.465.24
Vba32 AntiVirus     Hoax.CryFile                                3.12.26.4
VIPRE Antivirus     Trojan.Win32.Generic                        42962
ViRobot             Trojan.Win32.S.Agent.1048576.CI[h]          2014.3.20.0

File size:
1024 KB (1,048,576 bytes)

Product version:
3, 1, 0, 260043

Copyright:
Copyright 260043

Original file name:
webplugin.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\lwf54xb3.exe.part

File PE Metadata
Compilation timestamp:
3/26/2015 7:54:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:Kc/JDXyV0WbZWUjxpuJQO5DUPf87sNHXb59X:Kc/xiV0Wwl9UP6AHLH

Entry address:
0x8286

Entry point:
55, 8B, EC, 6A, FF, 68, 40, 93, 40, 00, 68, 80, 82, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 90, 90, 40, 00, 59, 83, 0D, 60, CC, 40, 00, FF, 83, 0D, 64, CC, 40, 00, FF, FF, 15, 94, 90, 40, 00, 8B, 0D, 40, AC, 40, 00, 89, 08, FF, 15, 98, 90, 40, 00, 8B, 0D, 3C, AC, 40, 00, 89, 08, A1, 9C, 90, 40, 00, 8B, 00, A3, 68, CC, 40, 00, E8, C3, 00, 00, 00, 83, 3D, 20, AA, 40, 00, 00, 75, 0C, 68, B4, 83, 40, 00, FF, 15, A0, 90...
 

Entropy:
7.9606

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
32 KB (32,768 bytes)

The file lwf54xb3.exe has been seen being distributed by the following 10 URLs.

