wgengine.exe

WinGuard Pro 2016

Christopher Homer

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘wgpro’. The file has been seen being downloaded from www.winguardpro.com.
Publisher:
WinGuardPro.com  (signed by Christopher Homer)

Product:
WinGuard Pro 2016

Version:
10.0.2.8

MD5:
57d72a8b9788c398fc7d317ce5f5e029

SHA-1:
58a8431b43391551a92353aa65e58d9747d2fd5a

SHA-256:
f5c1b929a60674dd1e3e7297bba3e195a05e56770187111a0e7b2e75cf0a4086

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 4:49:07 AM UTC

Scan engine:
Avira AntiVirus

Detection:
TR/Crypt.XPACK.Gen

Engine version:
7.11.30.172

File size:
39.6 KB (40,552 bytes)

Product version:
10.0.2.8

Copyright:
Copyright © 2016

Trademarks:
WinGuardPro™

Original file name:
wgengine.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winguardpro ltd\winguard\wgengine.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
9/2/2015 8:05:25 AM

Valid to:
9/1/2016 8:05:25 AM

Subject:
E=tech@winguardpro.com, CN=Christopher Homer, O=Christopher Homer, C=GB

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
428B474674E66DCB847575213F1FF26D

File PE Metadata
Compilation timestamp:
12/6/2015 10:15:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:szvelv7feNSjvnpFH+qElmHnRnFtYcFKSx6K+i0:sLe17feMb3mmHptKSxl+i0

Entry address:
0x9286

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
5.9450

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
29 KB (29,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
wgpro

Command:
C:\Program Files\winguardpro ltd\winguard\wgengine.exe


The file wgengine.exe has been seen being distributed by the following URL.
