» wordanchor-setup-1.10.0.18.exe
Overview
Analysis
File Details

wordanchor-setup-1.10.0.18.exe

Word Anchor

The application wordanchor-setup-1.10.0.18.exe by Word Anchor has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

File name:

Publisher:

WA (signed by Word Anchor)

Product:

Description:

WA Setup

Version:

1.10.0.18

MD5:

e0715fc2a219758fea199beb9f988b46

SHA-1:

e3a6a0179458d82b134c48d21b8a5888bf792b3a

SHA-256:

b976c75d515598eab97ac7d42d743ab3e21ffc5b859d6700df9427362b1c8598

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

12/28/2024 10:30:03 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Popad

7.1.1

Baidu Antivirus

Adware.Win32.Vitruvian

4.0.3.15611

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

multiple threats

7.0.302.0

IKARUS anti.virus

PUA.Vitruvian

t3scan.1.9.5.0

NANO AntiVirus

Riskware.Win32.Vitruvian.dnpzum

0.30.24.2086

Qihoo 360 Security

HEUR/QVM42.1.Malware.Gen

1.0.0.1015

Vba32 AntiVirus

AdWare.Vitruvian

3.12.26.4

Zillya! Antivirus

Backdoor.CPEX.Win32.30054

2.0.0.2218

File size:

1013.3 KB (1,037,624 bytes)

Product version:

1.10.0.18

Original file name:

wordanchor-setup.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\14678347_stp\wordanchor-setup-1.10.0.18.exe

Digital Signature

Signed by:

Word Anchor

Authority:

GlobalSign nv-sa

Valid from:

5/22/2015 10:03:04 PM

Valid to:

5/22/2017 10:03:04 PM

Subject:

E=support@wordanchorapp.com, CN=Word Anchor, O=Word Anchor, L=San Diego, S=California, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121881197A2243E556A1A11A1D4B17AE0A0

File PE Metadata

Compilation timestamp:

12/5/2009 11:52:06 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:A3txbS7Qs1HSGKhePXc6LR12vE5TVrP1HfojM/gk3gDqO1zF+/N/QQS:A9xbSMG7zsvmVrPGjl1qO1zF+/PS

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove wordanchor-setup-1.10.0.18.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.