WinRadius.EXE

WinRadius 1.0.1

ITconsult2000.com

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinRadius’. The file has been seen being downloaded from 1291361.netacad.com.
Publisher:
ITconsult2000.com

Product:
WinRadius 1.0.1

Description:
WinRadius Microsoft Application

Version:
1, 0, 0, 1

MD5:
17395cc46caa595822fb3a23c835e816

SHA-1:
5aff90680d0c7c25fbe0d856051270ed1fd57450

SHA-256:
31ea6680e2e5875a147ca689dbaf19384dfb6b77dead9bc3c3b2f980cefb2b3b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/14/2024 1:53:07 AM UTC

File size:
568 KB (581,632 bytes)

Product version:
1, 0, 0, 1

Copyright:
ITconsult2000 (C) 2002

Trademarks:
WinRadius

Original file name:
WinRadius.EXE

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/11/2004 1:16:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:bPW4LbNxkBwyQZg1pYJBagDcmkebWkhTGVs/gP5bBtBAPXgpFrVfC+QM6nlIaixG:T7xupYJB7iebWuTGJjW2VVUM6ny/mH

Entry address:
0x2BC4A

Entry point:
55, 8B, EC, 6A, FF, 68, 88, B8, 46, 00, 68, 74, 19, 43, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, C0, 33, 46, 00, 33, D2, 8A, D4, 89, 15, 90, 58, 48, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 8C, 58, 48, 00, C1, E1, 08, 03, CA, 89, 0D, 88, 58, 48, 00, C1, E8, 10, A3, 84, 58, 48, 00, 6A, 01, E8, 0C, 48, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 22, 37, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
6.2181

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
392 KB (401,408 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinRadius

Command:
"C:\users\{user}\desktop\winradius.exe" -service


The file WinRadius.EXE has been seen being distributed by the following URL.
