wcrash.exe

repressivere

Daniel Atallah

The executable wcrash.exe has been detected as malware by 27 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Daniel Atallah  (signed and verified)

Product:
repressivere

Description:
Postiere

Version:
8.04.0001

MD5:
369e959db82ced4c30b0f59fa7a392dc

SHA-1:
d32db07b82e6566e09b16012b4c9557286e0d98f

SHA-256:
9684bb883b32b5ff86b21a62706a38fe4c3698c26dfb0a311cabfca7f63a5766

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
12/25/2024 5:45:39 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1979787 | 263
AhnLab V3 Security | Trojan/Win32.MDA | 2014.11.24
Avira AntiVirus | TR/Dropper.VB.23679 | 7.11.188.90
avast! | Win32:Malware-gen | 2014.9-160516
AVG | Downloader.Banload2 | 2017.0.2741
Baidu Antivirus | Trojan.Win32.VBKryjetor | 4.0.3.16516
Bitdefender | Trojan.GenericKD.1979787 | 1.0.20.685
Dr.Web | Trojan.Bankfraud.2005 | 9.0.1.0137
Emsisoft Anti-Malware | Trojan.GenericKD.1979787 | 8.16.05.16.01
ESET NOD32 | Win32/TrojanDownloader.Banload.ULD | 10.10768
Fortinet FortiGate | W32/VBKryjetor.ACC!tr | 5/16/2016
F-Secure | Trojan.GenericKD.1979787 | 11.2016-16-05_2
G Data | Trojan.GenericKD.1979787 | 16.5.24
IKARUS anti.virus | Trojan-Downloader.Win32.Banload | t3scan.1.8.3.0
K7 AntiVirus | Trojan-Downloader | 13.185.14098
Kaspersky | Trojan.Win32.VBKryjetor | 14.0.0.202
Malwarebytes | Spyware.Zbot.ED | v2016.05.16.01
McAfee | RDN/PWS-Banker!dn | 5600.6397
MicroWorld eScan | Trojan.GenericKD.1979787 | 17.0.0.411
NANO AntiVirus | Trojan.Win32.Banload.dixzeg | 0.28.6.63474
Norman | Suspicious_Gen4.HHTPL | 11.20160516
nProtect | Trojan.GenericKD.1979787 | 14.11.21.01
Panda Antivirus | Trj/Chgt.L | 16.05.16.01
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1116 | 7.2.137
VIPRE Antivirus | Trojan.Win32.Generic | 35060

File size:
225.8 KB (231,224 bytes)

Product version:
8.04.0001

Copyright:
Forstgebietes4

Trademarks:
Postraketen

Original file name:
Isolation.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\wcrash.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
9/19/2012 5:48:58 AM

Valid to:
9/20/2014 7:56:51 PM

Subject:
E=datallah@pidgin.im, CN=Daniel Atallah, L=Holland, S=Michigan, C=US, Description=FWg32Q3ZaA4V01lM

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
075E

File PE Metadata
Compilation timestamp:
11/15/2014 11:36:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:gFGL5FGAStQkabYM2Yle4h3XiFwpn9bKhrpWhHV+v6hsFJWCvFGEs85Hvr92wuir:tL6IYM2oe4hHiCpCEpVEuziHvR2wtKE

Entry address:
0x1350

Entry point:
68, 70, 4F, 42, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 0C, A4, D1, CF, 15, AD, AE, 42, A1, 34, CE, 88, 0A, C7, 9E, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, E8, 02, 00, 00, 00, 00, 4B, 75, 6C, 74, 75, 72, 77, 65, 74, 74, 62, 65, 77, 65, 72, 62, 73, 33, 00, 00, 20, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, 06, 87, B1, 7A, CE, 96, 1C, 4D, 85, 0E, 77, 92, 6E, E8, C4, 75, 91, 8C, A8, 23, F4, B8, A0, 42, 82, 95, CC, 6F, 3C, 54, EF, A6, 3A, 4F, AD...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
200 KB (204,800 bytes)
