wifiguard_windows_setup_[www.programosy.pl].tmp

The file wifiguard_windows_setup_[www.programosy.pl].tmp has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ns529303.ip-158-69-243.net on port 80 using the HTTP protocol.
Description:
Setup/Uninstall

Version:
51.1052.0.0

MD5:
6a96bef4679e16a54b4090e74664dcca

SHA-1:
c8631c1624b98f6709b1ac37ce3956faed29bc30

SHA-256:
cb095356ddcfcbace96c6252fb73a267ed011c15ff206a7a9302007baa68a783

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 9:58:38 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Bundler (M)

Engine version:
16.3.31.21

File size:
1.1 MB (1,177,088 bytes)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\wifiguard_windows_setup_[www.programosy.pl].tmp

File PE Metadata
Compilation timestamp:
1/15/2016 9:22:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0KbqslNoiGO+h84C6f8HSCNFfoJMpNOErZTOzu5xTxyt:LwY6fULNntNX

Entry address:
0x100004

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, 48, E7, 4F, 00, E8, 35, 8F, F0, FF, 6A, EC, A1, 38, 3E, 50, 00, 8B, 00, 8B, 98, 70, 01, 00, 00, 53, E8, E0, 9D, F0, FF, 25, 7F, FF, FF, FF, 50, 6A, EC, A1, 38, 3E, 50, 00, 53, E8, 35, A0, F0, FF, 33, C0, 55, 68, 7F, 00, 50, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, 80, 97, F0, FF, E8, 33, E4, FF, FF, A1, 80, E3, 4F, 00, 50, 68, E4, E3, 4F, 00, A1, 38, 3E, 50, 00, 8B, 00, E8, A0, C2, F7, FF, E8, 87, E4, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 19, E9, 5C, 46, F0, FF...

Developed / compiled with:
Microsoft Visual C++

Code size:
1020 KB (1,044,480 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-163-58-177.compute-1.amazonaws.com  (54.163.58.177:80)

TCP (HTTP):
Connects to ns527947.ip-158-69-242.net  (158.69.242.138:80)

TCP (HTTP):
Connects to ns529303.ip-158-69-243.net  (158.69.243.235:80)

TCP (HTTP):
Connects to static-ip-188-138-71-73.inaddr.ip-pool.com  (188.138.71.73:80)

TCP (HTTP):
Connects to cache.google.com  (59.18.45.50:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.239.108:80)

TCP (HTTP):
Connects to host-213.158.163.208.tedata.net  (213.158.163.208:80)

TCP (HTTP):
Connects to ec2-34-195-153-94.compute-1.amazonaws.com  (34.195.153.94:80)

TCP (HTTP):
Connects to 82-102-187-71.orange.net.il  (82.102.187.71:80)

TCP (HTTP):
Connects to 61-91-9-103.static.asianet.co.th  (61.91.9.103:80)

TCP (HTTP):
Connects to 177.135.177.241.static.adsl.gvt.net.br  (177.135.177.241:80)

TCP (HTTP):
Connects to 103-16-152-177-noc.bsccl.com  (103.16.152.177:80)

TCP (HTTP):
Connects to 103-16-152-151-noc.bsccl.com  (103.16.152.151:80)