WordSharkAutoUpdateClient.exe

WS AutoUpdate Client

Word Shark

The application WordSharkAutoUpdateClient.exe by Word Shark has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address unallocated.barefruit.co.uk on port 80 using the HTTP protocol.
Publisher:
WS  (signed by Word Shark)

Product:
WS AutoUpdate Client

Version:
1.10.0.17

MD5:
9d061d7dc3af745315494840dcd75a5b

SHA-1:
bb9aa45ae4fcd9c1b1696416e1be13447f5225cf

SHA-256:
a558457bb19a57c3122a484420b3e4fd302eac83beb8939beace00b3a79c9735

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/12/2025 8:39:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WordShark (M)

Engine version:
15.6.29.1

File size:
59.6 KB (61,016 bytes)

Product version:
1.10.0.17

Copyright:
Copyright (C) 2015

Original file name:
WordSharkAutoUpdateClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordshark_1.10.0.17\update\wordsharkautoupdateclient.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/22/2015 3:07:42 PM

Valid to:
5/22/2017 3:07:42 PM

Subject:
E=support@wordsharkapp.com, CN=Word Shark, O=Word Shark, L=San Diego, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112198EB233B90E5F1DCEFA56D0BCF72B66C

File PE Metadata
Compilation timestamp:
6/1/2015 5:44:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:dnOqfoDJ5mFjyTm4qWJ+HkxjAKPwFODW26E1g5AtUmEPpMeC9KQ2diSn:1XZg/JOkx8KYFiWkXkpMetb

Entry address:
0xEB4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5668

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
51 KB (52,224 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-203-254-201.us-west-2.compute.amazonaws.com  (54.203.254.201:443)

TCP (HTTP):
Connects to static-182-18-145-169.ctrls.in  (182.18.145.169:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.114.217:80)

TCP (HTTP SSL):
Connects to ec2-54-244-247-138.us-west-2.compute.amazonaws.com  (54.244.247.138:443)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.6:80)
