home

wgengine.exe

WinGuard Pro 2016

Christopher Homer

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘wgpro’. The file has been seen being downloaded from www.winguardpro.com.
Publisher:
WinGuardPro.com  (signed by Christopher Homer)

Product:
WinGuard Pro 2016

Version:
10.1.1.7

MD5:
15e6ffa6f386809ab03439b7f19c42dc

SHA-1:
efb0ec7fbd196cf35f5b428c19e97ced7e6613a0

SHA-256:
42fae0f5fd031e1c34bd613ef877ba551efeba77598bc07ec343e3c8aa09b533

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 4:50:10 AM UTC  (today)

File size:
52.6 KB (53,832 bytes)

Product version:
10.1.1.7

Copyright:
Copyright © 2016

Trademarks:
WinGuardProTM

Original file name:
wgengine.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\wgengine.exe

Digital Signature
Signed by:
Christopher Homer

Authority:
Unizeto Technologies S.A.

Valid from:
4/23/2016 12:05:46 AM

Valid to:
9/1/2016 7:05:25 PM

Subject:
E=tech@winguardpro.com, CN=Christopher Homer, O=Christopher Homer, C=GB

Issuer:
CN=Certum Code Signing CA SHA2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
6435E8F6485756B2B6812D608ADD817E

File PE Metadata
Compilation timestamp:
4/22/2016 6:27:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:nIYiLDr5i2NVcx4GROtB3n6c5TZRONKSxlYg:niPVeT0Kc5TGNZ7Yg

Entry address:
0xBE7A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
wgpro

Command:
C:\Program Files\winguardpro ltd\winguard\wgengine.exe


The file wgengine.exe has been seen being distributed by the following URL.

http://www.winguardpro.com/update/.../wgengine.exe

Scan wgengine.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.