wefisetup_5_142_4.exe

WeFi

The application wefisetup_5_142_4.exe by WeFi has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
WeFi  (signed and verified)

MD5:
87c2030a2083613c4974d238c8145055

SHA-1:
2daed8a1729a661252c22ba076ed4fbffa20b173

SHA-256:
49de10bf183db37981929277ba987e97da0169cdcb6d5a3148762721f37084a7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/15/2024 11:52:36 AM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
Adware.NetPumper
v2014.06.28.10

Reason Heuristics
PUP.OpenCandy.Bundler (L)
16.11.30.11

File size:
5.7 MB (5,931,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\opencandy\wefisetup_5_142_4.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/26/2007 3:00:00 AM

Valid to:
6/11/2009 2:59:59 AM

Subject:
CN=WeFi, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WeFi, L=Mountain View, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7BFC14183BAF00504E05A13932CFC991

File PE Metadata
Compilation timestamp:
5/3/2008 5:08:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:97Zba/X1CiEL3dUOoE+BIJP6zoCaUuLeZgGNszV0MQqYee4+O:Vo/X1tEs0aaUuitsiMQqk4+O

Entry address:
0x3225

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 28, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, F9, 2A, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 50, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B0, 91, 40, 00, 68, A0, 36, 42, 00, E8, B0, 27, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 9E, 27, 00, 00...
 
[+]

Entropy:
7.9996

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

Remove wefisetup_5_142_4.exe - Powered by Reason Core Security