webshieldsetup.exe

The application webshieldsetup.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from pro-net.work.
MD5:
10de2b4b258df1743643843a13f7d3c4

SHA-1:
3fd5585324f3c256f586bb6fe19aff352229d2c1

SHA-256:
7b1d680957e6f8e2f9cbd496014c741d141cf2c5830f600f16da75ea7f770200

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:02:18 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebShield (M)

Engine version:
16.9.21.8

File size:
2.8 KB (2,857 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\webshieldsetup.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
48:+BDKWgutgRZkPyQZrQSYWBYTTdf4ZPL2/cNocJUsmYX/8glusObUSHo4QnkXJnB5:QDKTuYkBZkSYWs+Z6cyc2kHludb1o4Q4

Entry point:
35, 7E, 67, EF, C7, 11, 88, 02, 0F, C2, B9, 55, 96, 2F, 4F, 0D, CB, DC, 0A, 3A, 1A, 16, C6, 79, 63, 8D, D3, 3A, B4, 43, CE, 6C, A0, 50, BA, 3C, 8C, 4D, 82, 3A, B4, D2, 96, 0E, 56, D7, 09, C2, 9C, 4B, 7A, 72, EF, 47, B6, 19, 7D, 07, 4A, 95, 76, 83, EF, DB, AD, F6, F9, 2E, 15, 82, 74, 64, 92, B1, 96, AB, F5, 03, CE, F7, 3A, EC, AB, C7, 3D, 86, 5F, 30, EB, 27, 6F, F9, BD, 81, AD, 6A, 1C, 97, C4, EF, 49, 0F, A2, 12, 90, 89, CE, 0C, 3F, 22, 9D, 4F, A9, 4F, 5D, CB, 76, 64, 3C, D5, C8, EC, 06, BD, 48, 20, A5, 3F...
 

The file webshieldsetup.exe has been seen being distributed by the following URL.
