windv1c.exe

아이비엔 (IBN)

The application windv1c.exe by 아이비엔 (IBN) has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup program used to install the application. It is configured to execute automatically whenever any user logs into Windows (through the local user Run registry setting) under the name 'windv1c'. The file has been seen being downloaded from down.windv1.com.
Publisher:
아이비엔 (IBN)  (signed and verified)

MD5:
92d86c485e513c827ff5d17923c7952b

SHA-1:
960c4dd6b047f2b9a1b8e0ab9458568a258e6e93

SHA-256:
fae5691bf83149870f3ea6568d69000a29431241f7b1b60f88f97c8d9091bd24

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:37:05 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/AdWare.KeywordFind.D application | 6.3
F-Prot | W32/Themida_Packed | 4.6.5.141
Reason Heuristics | Trojan.Agent (M) | 16.10.11.20

File size:
987.3 KB (1,010,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\windv1\windv1c.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
10/8/2015 9:00:00 AM

Valid to:
10/8/2018 8:59:59 AM

Subject:
CN=아이비엔 (IBN), OU=IT Team, O=아이비엔 (IBN), L=Seongdong-gu, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4166F57FE9D68663F57A34AE0E960E6A

File PE Metadata
Compilation timestamp:
8/29/2016 8:05:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:sdwMIGEMC2IeGPvqzWDdTd4KAExJleQ+cdbFlr+Ul2N11TZP01u:sB1zGHqzmdUS6SFDyY2Nv90I

Entry address:
0x21E000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, 60, 0B, 00, 2D, 5D, 36, 5F, 00, 05, 52, 36, 5F, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 12, BB, B5, 34, 68, D0, 29, 58, 65, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.7714  (probably packed)

Code size:
418.5 KB (428,544 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
windv1c

Command:
"C:\users\{user}\appdata\roaming\windv1\windv1c.exe"
The file windv1c.exe has been seen being distributed by the following URL.

http://down.windv1.com/.../windv1c.exe

Remove windv1c.exe - Powered by Reason Core Security