scratc.exe

Setup

WesternDigital

The application scratc.exe, “WesternDigital Setup” has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from ultrauploadshare.com.
Publisher:
WesternDigital

Product:
Setup

Description:
WesternDigital Setup

Version:
1.1.2.0

MD5:
c492dec0359596ec28f205e77b4442d6

SHA-1:
b6019d414304da035b4d194d1ad5969cd542162c

SHA-256:
2af6502b880c7fcfff9f89cf506a4608f9ff71fed0f5fe925ae44daf057bc344

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:30:16 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/Joedown.476376.1
7.11.217.240

AVG
Downloader
2017.0.2674

Baidu Antivirus
Trojan.Win32.StartPage
4.0.3.16722

Dr.Web
Trojan.KillFiles.18730
9.0.1.0204

ESET NOD32
MSIL/Adware.Joedown (variant)
10.11331

Fortinet FortiGate
W32/StartPage.A!tr
7/22/2016

IKARUS anti.virus
not-a-virus:AdWare.MSIL.Agent
t3scan.1.8.6.0

Kaspersky
Trojan.Win32.StartPage
14.0.0.-134

McAfee
Artemis!C492DEC03595
5600.6330

Panda Antivirus
Generic Suspicious
16.07.22.09

Qihoo 360 Security
Win32/Trojan.7c7
1.0.0.1015

Sophos
Generic PUA LG
4.98

File size:
459 KB (470,016 bytes)

Product version:
1.1.2.0

Copyright:
WesternDigital

Trademarks:
WesternDigital

Original file name:
WesternDigital.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\scratc.exe

File PE Metadata
Compilation timestamp:
3/16/2015 11:42:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:KS/J1s0ldUmx/bLbYnwch3SoMGsgL7GZOsLa30hTbJfBYU:KS/J1sGdUmx/bwnwcco/nGZY091

Entry address:
0x6370E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
390 KB (399,360 bytes)

The file scratc.exe has been seen being distributed by the following URL.

Remove scratc.exe - Powered by Reason Core Security