» windapp update.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

windapp update.exe

WindApp

Windapp

The application windapp update.exe, “WindApp installer” by Windapp has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. This file is typically installed with the program WindApp (remove only) by Nosibay which is a potentially unwanted software program.

File name:

windapp update.exe

Publisher:

Nosibay (signed by Windapp)

Product:

WindApp

Description:

WindApp installer

Version:

3.0.643.0.61202

MD5:

956e90bb7c7d1de6802e0c20e6dcb811

SHA-1:

0504447ebc60dba29a9fb5ea5d5e111a76210db6

SHA-256:

426f4bd0b8dc2b5dc9b278ed091bec79238dc9d3efaadaf13dac1173626e3022

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

11/8/2024 2:37:31 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Nosibay.Installer.Meta (M)

15.6.19.11

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

File size:

156.8 KB (160,552 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\store\windapp\windapp update.exe

Digital Signature

Signed by:

Windapp

Authority:

Windapp

Valid from:

7/24/2014 1:07:07 PM

Valid to:

12/31/2039 11:59:59 PM

Subject:

CN=Windapp

Issuer:

CN=Windapp

Serial number:

07D00BC1D3269EAF4C01F64E3E80D0E6

File PE Metadata

Compilation timestamp:

12/5/2009 10:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:CQIURTXJaBpFYjwovk4koQ2oqDzRwhHNOLwKRXQfRoD:CsgrevktoQQDeHNmwCQWD

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.6314

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Scheduled Task

Task name:

WindApp Update

Trigger:

Daily (Runs daily at 18:41)

The file windapp update.exe has been discovered within the following program.

WindApp (remove only) by Nosibay

WindApp is an web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.

81% remove it

Remove windapp update.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.