wiupdat.exe

sql exim wizard

SF Software

The executable wiupdat.exe, “SQL Server Import and Export Wizard”, has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from 1391055544-4.pieteru.uni.me.
Publisher:
SF Software

Product:
sql exim wizard

Description:
SQL Server Import and Export Wizard

Version:
1.3.4.0

MD5:
f6e98b13d11cfd29e13a506e1bdcda9f

SHA-1:
488dc4756efd5aba4f7d6bfd51c1e13f5178ef14

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/5/2024 10:19:41 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1734301 | 210
Avira AntiVirus | TR/Crypt.Xpack.73150 | 7.11.158.80
avast! | Win32:Dropper-gen [Drp] | 2014.9-160708
AVG | Downloader.Generic13 | 2017.0.2688
Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.1678
Bitdefender | Trojan.GenericKD.1734301 | 1.0.20.950
Bkav FE | HW32.Laneul | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18755
Dr.Web | Trojan.DownLoad3.33711 | 9.0.1.0190
Emsisoft Anti-Malware | Trojan.GenericKD.1734301 | 8.16.07.08.05
ESET NOD32 | Win32/TrojanDownloader.Agent.AGV | 10.10040
Fortinet FortiGate | W32/Agent.AGV!tr | 7/8/2016
F-Secure | Trojan.GenericKD.1734301 | 11.2016-08-07_6
G Data | Trojan.GenericKD.1734301 | 16.7.24
IKARUS anti.virus | Trojan-Downloader.Win32.Agent | t3scan.1.6.1.0
K7 AntiVirus | Trojan-Downloader | 13.180.12612
Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.-64
Malwarebytes | Spyware.Zbot.VXGen | v2016.07.08.05
McAfee | RDN/Downloader.a!ro | 5600.6344
Microsoft Security Essentials | TrojanDownloader:Win32/Zemot | 1.10701
MicroWorld eScan | Trojan.GenericKD.1734301 | 17.0.0.570
Norman | Agent.BDTQL | 11.20160708
Panda Antivirus | Trj/Dtcontx.M | 16.07.08.05
Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_DLOADR.FMEY | 7.2.190
Trend Micro | TROJ_DLOADR.FMEY | 10.465.08
VIPRE Antivirus | Trojan.Win32.Generic | 30922

File size:
145 KB (148,480 bytes)

Product version:
1.3.4.0

Copyright:
SF Software. All rights reserved.

Original file name:
SQL Server Import and Export Wizard

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\wiupdat.exe

File PE Metadata
Compilation timestamp:
6/24/2014 2:34:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:5vyK/lJnPP/MbKolTTozvGVMalxYbGJIAGg4TedLI1z8zQ:5vyklJPPEjhToLIYfAiTYLRz

Entry address:
0x9226

Entry point:
E8, A8, 93, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, A4, 19, 00, 00, 6A, 16, 5E, 89, 30, E8, 48, 19, 00, 00, 8B, C6, EB, 33, 8B, 45, 10, 85, C0, 75, 04, 88, 02, EB, E2, 8B, F2, 2B, F0, 8A, 08, 88, 0C, 06, 40, 84, C9, 74, 03, 4F, 75, F3, 85, FF, 75, 11, C6, 02, 00, E8, 6E, 19, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C6, 33, C0, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 60, 4B, 42, 00, 00...
 

Code size:
88.5 KB (90,624 bytes)

The file wiupdat.exe has been seen being distributed by the following URL.
