winplugin.exe

AVPlugin Sofware

FC Group Corporation LTDA

The executable winplugin.exe, described as “This software protect your PC Computer”, has been detected as malware by 26 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘WinPlugin’.

Publisher:
AV Plugin Service  (signed by FC Group Corporation LTDA)

Product:
AVPlugin Sofware

Description:
This software protect your PC Computer

Version:
3.0.7.1

MD5:
f01ee365aed1058e270f9942e5c8e6e4

SHA-1:
db9f08fa93c90075e196f8376f46dec64432f222

SHA-256:
d27f75387f7fda2740e495bb79700a565a3cf11729db7f2d07f0c00d0ec4dbd5

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
11/29/2024 9:30:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.173236 | 161 |
| AegisLab AV Signature | Troj.Downloader.W32.Gen | 2.1.4+ |
| Agnitum Outpost | Trojan.PWS.BestaFera | 7.1.1 |
| Avira AntiVirus | TR/Spy.Banker.Gen | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D2A4B4 | 1.0.0.642 |
| avast! | Win32:Malware-gen | 2014.9-160826 |
| AVG | PSW.Banker7 | 2017.0.2639 |
| Baidu Antivirus | Trojan.Win32.Banker | 4.0.3.16826 |
| Bitdefender | Gen:Variant.Zusy.173236 | 1.0.20.1195 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.173236 | 8.16.08.26.05 |
| ESET NOD32 | Win32/Spy.Banker.ABMV (variant) | 10.12856 |
| Fortinet FortiGate | W32/BestaFera.ABMV!tr | 8/26/2016 |
| F-Secure | Gen:Variant.Zusy.173236 | 11.2016-26-08_6 |
| G Data | Gen:Variant.Zusy.173236 | 16.8.25 |
| IKARUS anti.virus | Trojan-Spy.Agent | t3scan.1.9.5.0 |
| K7 AntiVirus | Spyware | 13.212.18401 |
| Kaspersky | Trojan-Banker.Win32.BestaFera | 14.0.0.-309 |
| Malwarebytes | Trojan.Banker.WP | v2016.08.26.05 |
| McAfee | Artemis!F01EE365AED1 | 5600.6295 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Zusy.173236 | 17.0.0.717 |
| Panda Antivirus | Trj/CI.A | 16.08.26.05 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16824 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R0EAC0DLM15 | 10.465.26 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46454 |

File size:
5.5 MB (5,731,112 bytes)

Product version:
3.0.7.1

Original file name:
AVPlugin

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\users\{user}\appdata\roaming\winplugin.exe

Digital Signature
Authority:
FC Group Corporation LTDA

Valid from:
12/7/2015 2:28:06 PM

Valid to:
12/4/2025 2:28:06 PM

Subject:
E=carlosant30@hotmail.com, CN=Carlos B, OU=FC Group LTDA, O=FC Group Corporation LTDA, L=Sao Paulo, S=Sao Paulo, C=BR

Issuer:
E=carlosant30@hotmail.com, CN=Carlos B, OU=FC Group LTDA, O=FC Group Corporation LTDA, L=Sao Paulo, S=Sao Paulo, C=BR

Serial number:
009E743FF5EAF0B266

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:rCxIvG59SSpY5s0SPapAara/PapAara/PapAara/PapqaPa/PapAara/PapAaraF:rhSPapAara/PapAara/PapAara/Papq/

Entry address:
0xF25CC

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, B8, 1C, 21, 01, 08, E8, 6E, 42, F1, FF, 68, F4, 26, 01, 08, E8, F0, 4E, F1, FF, 8B, F0, 68, F4, 26, 01, 08, 6A, FF, 6A, 00, E8, 60, 45, F1, FF, 8B, D8, 85, DB, 74, 0C, E8, 5D, 46, F1, FF, 3D, B7, 00, 00, 00, 75, 14, 6A, 00, 6A, 00, 56, 68, FF, FF, 00, 00, E8, F7, 4E, F1, FF, E9, CE, 00, 00, 00, A1, 18, B0, 01, 08, 8B, 00, E8, 7E, 3B, F8, FF, A1, 18, B0, 01, 08, 8B, 00, BA, 08, 27, 01, 08, E8, 65, 37, F8, FF, A1, 18, B0, 01, 08, 8B, 00, C6, 40, 5B, 00, 8B, 0D, E0, B1, 01, 08...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
966 KB (989,184 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinPlugin

Command:
C:\users\{user}\appdata\roaming\winplugin.exe

