winalert.exe

The application winalert.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WindowMessenger’. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
MD5:
8f3c179e74692c0b76c8c4ff887da731

SHA-1:
ff65f25527e0bd49efd371cfb27e5ec24169f169

SHA-256:
0e18bdb996f1189687d45c7e7fe4c57de8ed7c2a84bb3840f6f6bb7371a3de0e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 3:55:41 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WinAlert (M)
17.1.23.13

File size:
464 KB (475,136 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x5581

Entry point:
F2, F7, C7, 97, 1F, 0F, 52, 19, DF, 69, D2, 74, B5, 2D, ED, 87, EB, 87, C7, 85, EA, 77, 07, 8A, F8, BB, B5, 9C, 61, 19, 0F, AF, FA, FE, CC, 10, CA, 0F, AF, C0, FF, C5, E8, 00, 00, 00, 00, 85, DF, 69, FA, 14, 68, 32, C9, 8D, 05, 52, 2F, 25, 6F, 72, 06, 86, E4, 87, D3, 89, DE, 8D, 0D, D8, 57, 00, 00, FF, C0, 80, DC, 68, 89, CE, 81, E9, 81, 24, 00, 00, 5E, 69, D3, 44, 3E, CC, 77, 4D, F7, C1, DE, 24, BE, 08, 85, FB, 29, D2, 86, CD, 0F, B6, C5, 78, 02, 8A, E6, 0F, AF, C8, 0F, AF, FF, 31, E9, 28, C4, 84, D7, FF...
 
[+]

Entropy:
5.8629

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WindowMessenger

Command:
C:\recycler\{random}\winsysapp.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to win15.securedc.com  (64.8.117.67:80)

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.91:80)

TCP (HTTP):
Connects to host176.b5.trdns.com  (77.245.148.176:80)

Remove winalert.exe - Powered by Reason Core Security