» wdsrvwrapper.exe
Overview
Analysis
File Details
Downloads (1)
Network (6)

wdsrvwrapper.exe

The application wdsrvwrapper.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. The file has been seen being downloaded from numbercounters.com. While running, it connects to the Internet address dl19.clickmein.com on port 443.

File name:

wdsrvwrapper.exe

MD5:

b827254865808e6da1c6ace8975fc42c

SHA-1:

3a9a181aa6d9bacd337b7ad2ad20d32ea3fe3e1d

SHA-256:

0edc38bfd729b31806caa1b3d7085ddac2a516b5f0b135ca2134ed600b4cc8cd

Scanner detections:

8 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 3:59:50 AM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Adware.W32.Vopak!c

2.1.4+

Baidu Antivirus

NSIS.Adware.XXPackage

4.0.3.1734

Bkav FE

HW32.Packed

1.3.0.8876

Kaspersky

not-a-virus:AdWare.Win32.Vopak

15.0.2.529

McAfee

Artemis!B82725486580

5600.6105

Quick Heal

Pua.Vopak

3.17.14.00

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.s

3.12.26.4

Zillya! Antivirus

Adware.ConvertAd.Win32.48634

2.0.0.3221

File size:

46.8 KB (47,959 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wdsrvwrapper.exe

File PE Metadata

Compilation timestamp:

7/25/2016 7:55:54 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x310F

Entry point:

81, EC, 84, 01, 00, 00, 53, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 18, C7, 44, 24, 10, 98, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, A8, 70, 40, 00, FF, 15, A4, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, 7C, 2F, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, BE, 98, 72, 40, 00, 56, E8, F8, 2E, 00, 00, 56, FF, 15, A0, 70, 40, 00, 8D, 74, 06, 01, 38, 1E, 75, EB, 55, 6A, 09, E8, 4F, 2F, 00, 00, 6A, 07, E8, 48, 2F, 00, 00, A3, 04, E4, 42, 00, FF, 15, 44, 70, 40, 00, 53, FF, 15, 88... 
[+]

Entropy:

6.9359

Code size:

24 KB (24,576 bytes)

The file wdsrvwrapper.exe has been seen being distributed by the following URL.

https://numbercounters.com/.../WDSrvWrapper.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to dl19.clickmein.com (50.7.184.162:443)

TCP (HTTP SSL):

Connects to dl21.clickmein.com (216.227.128.186:443)

TCP (HTTP):

Connects to ch4plpkivs-v03.any.prod.ord1.secureserver.net (50.63.243.230:80)

TCP (HTTP):

Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net (182.50.136.239:80)

TCP (HTTP):

Connects to sg2plpkivs-v01.any.prod.sin2.secureserver.net (182.50.136.237:80)

TCP (HTTP):

Connects to n1plpkivs-v01.any.prod.ams1.secureserver.net (188.121.36.237:80)

Remove wdsrvwrapper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.