WhiteSmokeRegistration.EXE

WhiteSmokeRegistration Application

WhiteSmoke Inc

The application WhiteSmokeRegistration.EXE, “WhiteSmokeRegistration MFC Application” by WhiteSmoke Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
WhiteSmoke Inc  (signed and verified)

Product:
WhiteSmokeRegistration Application

Description:
WhiteSmokeRegistration MFC Application

Version:
1, 0, 0, 1

MD5:
59df5cf5b174074ed2341e4484b04044

SHA-1:
94834a3603d44211e322097e3b5b44b46589f756

SHA-256:
716d686cba0f99670d5991ab1f3d0d1d315835df92dba972d865e8fa4e4e6c98

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 2:46:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WhiteSmoke (M)

Engine version:
15.12.20.10

File size:
265.3 KB (271,704 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2003

Original file name:
WhiteSmokeRegistration.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\whitesmoke\whitesmokeregistration.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/17/2007 6:00:00 PM

Valid to:
6/17/2008 5:59:59 PM

Subject:
CN=WhiteSmoke Inc, OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WhiteSmoke Inc, L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6909B96020B7E23C83DA2D03280AA61E

File PE Metadata
Compilation timestamp:
10/31/2007 5:53:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:BXblB+XYuwE3QRQKu+5+OcS1Wnwg4E6qr+hsvA/XyFC/BHYNicH/odM+vGnJMYrH:Bhnu+cOcSVhcA/EC/J2dodM+vGnJMk

Entry address:
0xAA1E

Entry point:
E8, C1, 04, 00, 00, E9, 35, FD, FF, FF, 6A, 14, 68, B0, 12, 41, 00, E8, 98, FB, FF, FF, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 04, 05, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 8E, FB, FF, FF, C2, 10, 00, 6A, 0C, 68, D0, 12, 41, 00, E8, 3A, FB, FF, FF, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45...
 

Entropy:
6.5213

Code size:
48 KB (49,152 bytes)
