WebNotifier.exe

TODO:

TODO: <Company name>

The file WebNotifier.exe has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been observed being downloaded from counter99.com. While running, it connects to the Internet address dl19.clickmein.com on port 80 over HTTP.
Publisher:
TODO:

Product:
TODO: <Product name>

Description:
WebNotifier

Version:
1.0.0.1

MD5:
b5603ff5caf695765f3434083eaf19bd

SHA-1:
6f3f9941b48fbe6fa5a5444e416012591b516da2

SHA-256:
a758aac8b5875d927a8c5fe6c9fff6f947cc33daf1d1fdf40516f85666fd0906

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:03:37 AM UTC

Scan engine              Detection                            Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.2901838             425
AhnLab V3 Security       PUP/Win32.ConvertAd                  2015.12.05
Arcabit                  Trojan.Generic.D2C474E               1.0.0.628
Bitdefender              Trojan.GenericKD.2901838             1.0.20.1705
Emsisoft Anti-Malware    Trojan.GenericKD.2901838             8.15.12.07.03
F-Secure                 Trojan.GenericKD.2901838             11.2015-07-12_2
G Data                   Trojan.GenericKD.2901838             15.12.25
Kaspersky                UDS:DangerousObject.Multi.Generic    14.0.0.1009
McAfee                   Artemis!B5603FF5CAF6                 5600.6559
MicroWorld eScan         Trojan.GenericKD.2901838             16.0.0.1023
nProtect                 Trojan.GenericKD.2901838             15.12.04.01

File size:
1.7 MB (1,783,296 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
WebNotifier.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\nsi827c.tmp

File PE Metadata
Compilation timestamp:
10/31/2015 12:48:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:2Jw5OUJaRhUtiyIq4woXOTyyH7VRgDV/xtO3VhyVEfwQO94Lna0tt15:2HUJKUUq4woXXyH7VRgDFxtOFMmwn94l

Entry address:
0x104A3E

Entry point:
E8, F6, 6A, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, EC, 4D, 57, 00, 75, 02, F3, C3, E9, 7D, 6B, 00, 00, 8B, FF, 51, C7, 01, E0, F9, 54, 00, E8, 75, 6C, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, E9, E2, EF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, B3, 6C, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, A7, 15...

Entropy:
6.4385

Code size:
1.2 MB (1,211,904 bytes)

The file WebNotifier.exe has been observed being distributed from the following URL.

While executing, the file has been observed making the following network communications in live environments.

TCP (HTTP):
Connects to dl21.clickmein.com  (216.227.128.186:80)

TCP (HTTP SSL):
Connects to ec2-54-214-36-35.us-west-2.compute.amazonaws.com  (54.214.36.35:443)

TCP (HTTP):
Connects to dl19.clickmein.com  (50.7.184.162:80)

Remove WebNotifier.exe - Powered by Reason Core Security