widcomm_downloader.exe

The application widcomm_downloader.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from bf.softobase.com.
MD5:
813271917f12e0fe47f9eec2f2baa114

SHA-1:
896d8be7d0e53cf5243c0d0a0e86bdc10f486057

SHA-256:
e84b0b5edd510d5e599cb64918bf4b78788f6b2001946e5852dc336b47f8264d

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/16/2024 1:42:20 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Softobase
2015.08.12

Baidu Antivirus
PUA.Win32.Softobase
4.0.3.1644

Clam AntiVirus
Win.Trojan.Agent-906217
0.98/21511

ESET NOD32
Win32/Softobase.D potentially unwanted
10.12079

K7 AntiVirus
Adware
13.207.16857

Kaspersky
not-a-virus:HEUR:Downloader.NSIS.SoftBase
14.0.0.410

McAfee
RDN/Generic PUP.z
5600.6439

NANO AntiVirus
Riskware.Nsis.Downware.dtcclx
0.30.24.3079

Panda Antivirus
Trj/CI.A
16.04.04.10

Quick Heal
Downloader.NSIS.r7 (Not a Virus)
4.16.14.00

Sophos
Generic PUA IJ (PUA)
4.98

Trend Micro
TROJ_GEN.R03EC0EHA15
10.465.04

VIPRE Antivirus
Trojan.Win32.Generic
42800

File size:
241.6 KB (247,356 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\widcomm_downloader.exe

File PE Metadata
Compilation timestamp:
4/21/2015 1:23:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:qFXoDt6QAmP/NO4v4ZkxhJ9PeXU5aU7LHosJi6VtfXZpGtqlB8LDGWZyiZ0Mp:LAQnIaoYgXy7LIsJiQtByf/VHl

Entry address:
0x4377

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 42, 00, 56, A3, 30, AD, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 81, 3C, 00, 00, A3, 00, AE, 42, 00, 57, 8D, 85, 88, FE, FF, FF, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file widcomm_downloader.exe has been seen being distributed by the following URL.

Remove widcomm_downloader.exe - Powered by Reason Core Security