setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe

Western Web Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
UpdaterResponse  (signed by Western Web Applications, LLC)

Product:
UpdaterResponse

Version:
3, 0, 0, 1

MD5:
fab9a5ef42658ea15a5c298f67ff607a

SHA-1:
6b82feac5cb9128240d29037a23048d22cb9899e

SHA-256:
09816d06031d6f6a28edee6692669066c91c5f2f1b09b84adc3e8e59ab07992f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/27/2024 2:38:55 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.1.4.23

File size:
735.6 KB (753,296 bytes)

Product version:
3, 0, 0, 1

Original file name:
response.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\setup{81aa2c5c-372a-4c90-b5a0-b1ffdc33ad05}.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/24/2013 4:30:00 AM

Valid to:
5/25/2014 4:29:59 AM

Subject:
CN="Western Web Applications, LLC", O="Western Web Applications, LLC", STREET=640 E Grand Ave, STREET=Suite 129, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2A1B337726D509D16C17362E2E625DE9

File PE Metadata
Compilation timestamp:
9/11/2013 2:30:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x864FA

Entry point:
E8, 90, 7B, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 18, 71, 4A, 00, E8, D0, 09, 00, 00, 6A, 0E, E8, 45, 4E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 18, C6, 4A, 00, BA, 14, C6, 4A, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 37, D0, FF, FF, 59, FF, 76, 04, E8, 2E, D0, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, BF, 09, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 11, 4D, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
6.7102

Code size:
597.5 KB (611,840 bytes)