wie_2.21.2.20.exe

Iphone-Install.com

The application wie_2.21.2.20.exe by Iphone-Install.com has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Open Downloader Manager by Installer Technology Co, which is a potentially unwanted software program. The file has been observed being downloaded from www.wajam-download.com and multiple other hosts.
Publisher:
Iphone-Install.com  (signed and verified)

MD5:
600b1f8b88a2830ace8c929b1bf14eba

SHA-1:
0513725af329b5afef61aeae0fe0174e9ad9b764

SHA-256:
66b468bd795db4de352e8b160b013af210908278ccdc250ebfb62b6a6c91e18f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:57:10 PM UTC

Scan engine | Detection | Engine version
McAfee | Artemis!600B1F8B88A2 | 5600.6911
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.IphoneInstall | 15.2.14.11
Trend Micro House Call | TROJ_GEN.R047H05LI14 | 7.2.353
Vba32 AntiVirus | suspected of Trojan.Downloader.gen | 3.12.26.3
Zillya! Antivirus | Trojan.Win32.1DB12147 | 2.0.0.2010

File size:
2.2 MB (2,319,920 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/10/2014 1:00:00 AM

Valid to:
12/11/2015 12:59:59 AM

Subject:
CN=Iphone-Install.com, O=Iphone-Install.com, L=montreal, S=quebec, C=CA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3A9486DD32A165F8BAA825EFBA581212

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:0+zeGbNwm6pP7NsgphZrqtSnZjCufw9XqxPgkQEHTWB:2cuj2gp7qt0jCKV5Q4a

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 

Entropy:
7.9917

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file wie_2.21.2.20.exe has been discovered within the following program.

Open Downloader Manager  by Installer Technology Co
ODM is a download manager that plugs into various web browsers (IE, Chrome and Firefox). The installer is designed to bundle and present various additional offers, including toolbars and other potentially harmful programs.
opendownloadmanager.com
73% remove it
 

The file wie_2.21.2.20.exe has been seen being distributed by the following 2 URLs.

http://www.wajam-download.com/.../WIE_2.21.2.20.exe
