whAgent.exe

webHancer Customer Companion

webHancer Corporation

The application whAgent.exe has been detected as a potentially unwanted program by 35 anti-malware scanners. It is set to execute automatically when any user logs into Windows, through a Run registry entry named ‘webHancer Agent’. While running, it connects to the Internet address unknown.prolexic.com on port 80 using HTTP.

Publisher:
webHancer Corporation

Product:
webHancer Customer Companion

Version:
2.1.4

MD5:
cb91d48690e8943dadd772273dfaa920

SHA-1:
7e605f8ecd7269031d26550a515602ac7c83be2d

SHA-256:
5b93f7a2600ffdf436501b7a526bad303f7644181f34674a96badb207e997427

Scanner detections:
35 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 7:31:31 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Webhancer.C | 562 |
| Agnitum Outpost | Adware.WebHancer | 7.1.1 |
| AhnLab V3 Security | Win-AppCare/Webhancer.167936 | 2014.06.08 |
| Avira AntiVirus | ADSPY/AdSpy.Gen | 7.11.153.220 |
| avast! | Win32:Webhancer-C [PUP] | 2014.9-150722 |
| AVG | Generic5 | 2016.0.3040 |
| Baidu Antivirus | Adware.Win32.WebHancer | 4.0.3.15722 |
| Bitdefender | Adware.Webhancer.C | 1.0.20.1015 |
| Bkav FE | W32.Clod27a.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Adware.Webhancer-10 | 0.98/21155 |
| Comodo Security | Application.Win32.Adware.Webhancer.A | 18472 |
| Dr.Web | Adware.WebHancer | 9.0.1.0203 |
| Emsisoft Anti-Malware | Adware.Webhancer | 8.15.07.22.01 |
| ESET NOD32 | Win32/Adware.Webhancer | 9.9910 |
| Fortinet FortiGate | Adware/WebHancer | 7/22/2015 |
| F-Prot | W32/Adware.NQK | v6.4.7.1.166 |
| F-Secure | Adware.Webhancer.C | 11.2015-22-07_4 |
| G Data | Adware.Webhancer | 15.7.24 |
| Kaspersky | not-a-virus:AdWare.Win32.WebHancer | 14.0.0.1697 |
| Malwarebytes | PUP.WebHancer | v2015.07.22.01 |
| McAfee | Spyware-WebHancer | 5600.6696 |
| Microsoft Security Essentials | Spyware:Win32/WebHancer.A | 1.10600 |
| MicroWorld eScan | Adware.Webhancer.C | 16.0.0.609 |
| NANO AntiVirus | Riskware.Win32.WebHancer.gwmx | 0.28.0.60100 |
| nProtect | Trojan-Clicker/W32.Webhancer.167936 | 14.06.05.01 |
| Panda Antivirus | Adware/WebHancer | 15.07.22.01 |
| Quick Heal | Trojan.WebHancer.a | 7.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.122CC140!304922944 | 23.00.65.15720 |
| Sophos | Webhancer | 4.98 |
| SUPERAntiSpyware | Adware.webHancer | 9738 |
| Total Defense | Win32/webHancer | 37.0.10985 |
| Trend Micro House Call | SPYW_WEBHANCER.J | 7.2.203 |
| Trend Micro | SPYW_WEBHANCER.J | 10.465.22 |
| Vba32 AntiVirus | AdWare.WebHancer | 3.12.26.0 |
| VIPRE Antivirus | webHancer | 30066 |

File size:
164 KB (167,936 bytes)

Product version:
2.1.4

Copyright:
Copyright © 1999-2001 webHancer Corporation

Original file name:
whAgent.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webhancer\programs\whagent.exe

File PE Metadata
Compilation timestamp:
5/18/2001 9:09:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:jQgKgNUkiVLMMr99guf7NlCIt6Xnzp/XR1rWpJoyn51d:jQghFwMMv3CLzxXHqpFn51

Entry address:
0x14740

Entry point:
55, 8B, EC, 6A, FF, 68, E0, FB, 41, 00, 68, D4, 68, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 10, F1, 41, 00, 33, D2, 8A, D4, 89, 15, A8, 82, 42, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, A4, 82, 42, 00, C1, E1, 08, 03, CA, 89, 0D, A0, 82, 42, 00, C1, E8, 10, A3, 9C, 82, 42, 00, 6A, 01, E8, 65, 4C, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, F8, 1C, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
5.8735

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
120 KB (122,880 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
webHancer Agent

Command:
"C:\Program Files\webhancer\programs\whagent.exe"


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com (72.52.4.120:80)
