wikibrowser.exe

Download Sp. z.o.o.

The application wikibrowser.exe by Download Sp. z.o.o. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from wikibrowser.co.
Publisher:
Download Sp. z.o.o.  (signed and verified)

Version:
1.1.57.0

MD5:
27dab8519b22259dc96d4652d6570942

SHA-1:
2d79f8e67de47461c184842d7399364ad10c4f62

SHA-256:
e16e61f40b94753bb30767c82f23af5b2c2e66016eb8db4424f886a376300293

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 1:43:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DownloadSpzoo.Installer (M)

Engine version:
15.7.1.6

File size:
552.4 KB (565,688 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\wikibrowser.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/9/2014 1:00:00 AM

Valid to:
12/14/2015 1:00:00 PM

Subject:
CN=Download Sp. z.o.o., O=Download Sp. z.o.o., L=Warszawa, C=PL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08883940928AE596451853B69F51C554

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:T76ps9v/qIbIqjgsMjJlExsEJl99n3ya1frrjDp5olwPoc1HvA:TMY/qIbIq8I599n7frXIkocp4

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file wikibrowser.exe has been seen being distributed by the following URL.
