wiredtools.exe

WiredTools.exe

WiredTools Ltd.

The application wiredtools.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate Windows service named “WiredTools”, within the context of its own process. This file is typically installed with the program WiredTools by WiredTools LTD. While running, it connects to the Internet address customer.worldstream.nl on port 80 using the HTTP protocol.

Publisher:
WiredTools Ltd.

Product:
WiredTools.exe

Version:
2.2.9.5

MD5:
e60e960302f8e9f0285f6606bb9d1e07

SHA-1:
577c5eee985d84a56eb8ee5c26e129bcd8da6b25

SHA-256:
a6591c1700e620be1137e6323e702f28372555637997d18713fb6262779e2df6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
1/12/2025 6:14:52 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.212.80
AVG | Generic5 | 2015.0.3330
Dr.Web | Adware.Superfish.2 | 9.0.1.057

File size:
1.2 MB (1,303,128 bytes)

Product version:
2.2.9.5

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wiredtools\wiredtools.exe

File PE Metadata
Compilation timestamp:
7/5/2014 12:52:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:2Q/1hTDboiQHgOzPMoisJJnAvKFD/bvUseAf+9sf5abc0LDNj9:2QbTDyr2sJUK1UFOKM5aQ0Fj9

Entry address:
0x3705

Entry point:
E8, 02, 4C, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 63, 0C, 00, 00, 8B, FF, 56, 6A, 01, 68, 74, A0, 41, 00, 8B, F1, E8, 97, 0F, 00, 00, C7, 06, FC, 42, 41, 00, 8B, C6, 5E, C3, C7, 01, FC, 42, 41, 00, E9, FC, 0F, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, FC, 42, 41, 00, E8, E9, 0F, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B0, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 68, 0F, 00, 00, C7, 06, FC, 42, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B...

Entropy:
7.9773  (probably packed)

Code size:
68.5 KB (70,144 bytes)

Service
Display name:
WiredTools

Description:
WiredTools auxiliary service

Type:
Win32OwnProcess

Depends on:
RPCSS


The file wiredtools.exe has been discovered within the following programs.

WiredTools  by WiredTools LTD
About 1% of users remove it

The executing file has been seen to make the following network communications in live environments.

