» wiupdat.exe
Overview
Analysis
File Details
Downloads (1)

wiupdat.exe

sql exim wizard

SF Software

The executable wiupdat.exe, “SQL Server Import and Export Wizard” has been detected as malware by 28 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from 1391055544-4.pieteru.uni.me.

File name:

wiupdat.exe

Publisher:

SF Software

Product:

sql exim wizard

Description:

SQL Server Import and Export Wizard

Version:

1.3.4.0

MD5:

f6e98b13d11cfd29e13a506e1bdcda9f

SHA-1:

488dc4756efd5aba4f7d6bfd51c1e13f5178ef14

Scanner detections:

28 / 68

Status:

Malware

Analysis date:

11/5/2024 10:19:41 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1734301

210

Avira AntiVirus

TR/Crypt.Xpack.73150

7.11.158.80

avast!

Win32:Dropper-gen [Drp]

2014.9-160708

AVG

Downloader.Generic13

2017.0.2688

Baidu Antivirus

Trojan.Win32.Kryptik

4.0.3.1678

Bitdefender

Trojan.GenericKD.1734301

1.0.20.950

Bkav FE

HW32.Laneul

1.3.0.4959

Comodo Security

UnclassifiedMalware

18755

Dr.Web

Trojan.DownLoad3.33711

9.0.1.0190

Emsisoft Anti-Malware

Trojan.GenericKD.1734301

8.16.07.08.05

ESET NOD32

Win32/TrojanDownloader.Agent.AGV

10.10040

Fortinet FortiGate

W32/Agent.AGV!tr

7/8/2016

F-Secure

Trojan.GenericKD.1734301

11.2016-08-07_6

G Data

Trojan.GenericKD.1734301

16.7.24

IKARUS anti.virus

Trojan-Downloader.Win32.Agent

t3scan.1.6.1.0

K7 AntiVirus

Trojan-Downloader

13.180.12612

Kaspersky

Trojan-Spy.Win32.Zbot

14.0.0.-64

Malwarebytes

Spyware.Zbot.VXGen

v2016.07.08.05

McAfee

RDN/Downloader.a!ro

5600.6344

Microsoft Security Essentials

TrojanDownloader:Win32/Zemot

1.10701

MicroWorld eScan

Trojan.GenericKD.1734301

17.0.0.570

Norman

Agent.BDTQL

11.20160708

Panda Antivirus

Trj/Dtcontx.M

16.07.08.05

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_DLOADR.FMEY

7.2.190

Trend Micro

TROJ_DLOADR.FMEY

10.465.08

VIPRE Antivirus

Trojan.Win32.Generic

30922

File size:

145 KB (148,480 bytes)

Product version:

1.3.4.0

Original file name:

SQL Server Import and Export Wizard

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\wiupdat.exe

File PE Metadata

Compilation timestamp:

6/24/2014 2:34:28 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:5vyK/lJnPP/MbKolTTozvGVMalxYbGJIAGg4TedLI1z8zQ:5vyklJPPEjhToLIYfAiTYLRz

Entry address:

0x9226

Entry point:

E8, A8, 93, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, A4, 19, 00, 00, 6A, 16, 5E, 89, 30, E8, 48, 19, 00, 00, 8B, C6, EB, 33, 8B, 45, 10, 85, C0, 75, 04, 88, 02, EB, E2, 8B, F2, 2B, F0, 8A, 08, 88, 0C, 06, 40, 84, C9, 74, 03, 4F, 75, F3, 85, FF, 75, 11, C6, 02, 00, E8, 6E, 19, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C6, 33, C0, 5F, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 60, 4B, 42, 00, 00... 
[+]

Code size:

88.5 KB (90,624 bytes)

The file wiupdat.exe has been seen being distributed by the following URL.

http://1391055544-4.pieteru.uni.me/f/.../7

Remove wiupdat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.