WordSurferAutoUpdateClient.exe

Word Surfer AutoUpdate Client

Word Surfer

The application WordSurferAutoUpdateClient.exe by Word Surfer has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.

Publisher:
Word Surfer (signed and verified)

Product:
Word Surfer AutoUpdate Client

Version:
1.10.0.19

MD5:
85fcb2ebd224e405c181dad61e6bb184

SHA-1:
ffa92a7806098f8a56df796dbd9235f203ed781f

SHA-256:
704cab2f27063cb80d3b125d624ec88cad9ad0c3183694ec98e65c99c2707661

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:30:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InfoAtoms.WordSurfer (M)

Engine version:
15.7.8.21

File size:
62.1 KB (63,576 bytes)

Product version:
1.10.0.19

Copyright:
Copyright (C) 2015

Original file name:
WordSurferAutoUpdateClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wordsurfer_1.10.0.19\update\wordsurferautoupdateclient.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/22/2015 10:08:13 PM

Valid to:
5/22/2017 10:08:13 PM

Subject:
E=support@wordsurferapp.com, CN=Word Surfer, O=Word Surfer, L=San Diego, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210C893E7E550A09401D54C5EAE1F196D5

File PE Metadata
Compilation timestamp:
6/16/2015 12:28:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:tkvCFurhRfkFOIwwwwwwwwBcJu4jnuQpMeFs:tkvCFurh5WOKcJJjusMeFs

Entry address:
0xF4DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
53.5 KB (54,784 bytes)

Scheduled Task
Task name:
WordSurfer Auto Updater 1.10.0.19 Core

Trigger:
Logon (Runs on logon)

Description:
WordSurfer Auto Updater 1.10.0.19 Core


The executing file has been seen to make the following network communications in live environments.

