» wp.exe
Overview
Analysis
File Details
Programs (1)

wp.exe

Montiera Technologies LTD

It is part of the Montiera web browser toolbar monetization platform which injects browser search and advertising within the user's web browser. The application wp.exe by Montiera Technologies has been detected as a potentially unwanted program by 16 anti-malware scanners. This file is typically installed with the program Web Protect for Windows by Web Protect which is a potentially unwanted software program.

File name:

wp.exe

Publisher:

Montiera Technologies LTD (signed and verified)

MD5:

3da26a7dbd02a3e219a540276afe4c72

SHA-1:

f4f0977b6476361996b3bc44aecb81d927339263

SHA-256:

b29c1f0562c40d8b8def2090784243ba3af7e717a3450023d00f8611b6ab1444

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 7:54:26 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Downloader

7.1.1

avast!

Win32:Malware-gen

2014.9-140927

AVG

Montiera

2015.0.3338

Baidu Antivirus

Hacktool.Win32.Montiera

4.0.3.14826

Dr.Web

Trojan.DownLoader11.22262

9.0.1.0238

Fortinet FortiGate

Riskware/Montiera

8/26/2014

IKARUS anti.virus

not-a-virus:Downloader.Montiera

t3scan.1.7.5.0

Kaspersky

not-a-virus:Downloader.Win32.Montiera

14.0.0.3347

McAfee

Artemis!3DA26A7DBD02

5600.7026

NANO AntiVirus

Trojan.Win32.DownLoader11.dcoupy

0.28.2.61519

Panda Antivirus

Trj/Chgt.B

14.08.26.03

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.MontieraTechnologies.C

14.8.26.15

Trend Micro House Call

Suspicious_GEN.F47V0811

7.2.238

Vba32 AntiVirus

Downloader.Montiera

3.12.26.3

VIPRE Antivirus

Montiera

32328

File size:

553.4 KB (566,664 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\web protect\wp.exe

Digital Signature

Signed by:

Montiera Technologies LTD

Authority:

COMODO CA Limited

Valid from:

7/22/2014 7:00:00 PM

Valid to:

7/23/2015 6:59:59 PM

Subject:

CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata

Compilation timestamp:

7/25/2014 8:34:25 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:UotuQ8dWISGEdqM46OCzcGMtSPyG0TEDx9TOh4aIFpmmo:UrdVSGEnOCzcGfyG0TEDx9T3v

Entry address:

0x12B48

Entry point:

E8, 73, 6A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 10, B3, 42, 00, 00, 74, 05, E9, CF, 6A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83... 
[+]

Entropy:

7.6842

Code size:

121.5 KB (124,416 bytes)

The file wp.exe has been discovered within the following program.

Web Protect for Windows by Web Protect

Web Protect is a web browser extension and toolbar that delivers contextual based advertising as well as modify the user's web browser home and search pages to provide advertising and search.

87% remove it

Remove wp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.