wp.exe

Montiera Technologies LTD

wp.exe is part of the Montiera web browser toolbar monetization platform, which injects search and advertising into the user's web browser. The application wp.exe by Montiera Technologies has been detected as a potentially unwanted program by 16 anti-malware scanners. This file is typically installed with the program Web Protect for Windows by Web Protect, which is a potentially unwanted software program.

Publisher:
Montiera Technologies LTD (signed and verified)

MD5:
3da26a7dbd02a3e219a540276afe4c72

SHA-1:
f4f0977b6476361996b3bc44aecb81d927339263

SHA-256:
b29c1f0562c40d8b8def2090784243ba3af7e717a3450023d00f8611b6ab1444

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 1:31:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| avast! | Win32:Malware-gen | 2014.9-140927 |
| AVG | Montiera | 2015.0.3338 |
| Baidu Antivirus | Hacktool.Win32.Montiera | 4.0.3.14826 |
| Dr.Web | Trojan.DownLoader11.22262 | 9.0.1.0238 |
| Fortinet FortiGate | Riskware/Montiera | 8/26/2014 |
| IKARUS anti.virus | not-a-virus:Downloader.Montiera | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:Downloader.Win32.Montiera | 14.0.0.3347 |
| McAfee | Artemis!3DA26A7DBD02 | 5600.7026 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dcoupy | 0.28.2.61519 |
| Panda Antivirus | Trj/Chgt.B | 14.08.26.03 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.MontieraTechnologies.C | 14.8.26.15 |
| Trend Micro House Call | Suspicious_GEN.F47V0811 | 7.2.238 |
| Vba32 AntiVirus | Downloader.Montiera | 3.12.26.3 |
| VIPRE Antivirus | Montiera | 32328 |

File size:
553.4 KB (566,664 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\web protect\wp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/22/2014 7:00:00 PM

Valid to:
7/23/2015 6:59:59 PM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET=Harbert Samuel 46, L=Tel Aviv, S=Gush Dan, PostalCode=6330303, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CCD3CD85F8C32F5C3FF9264E1A57C07D

File PE Metadata
Compilation timestamp:
7/25/2014 8:34:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:UotuQ8dWISGEdqM46OCzcGMtSPyG0TEDx9TOh4aIFpmmo:UrdVSGEnOCzcGfyG0TEDx9T3v

Entry address:
0x12B48

Entry point:
E8, 73, 6A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 10, B3, 42, 00, 00, 74, 05, E9, CF, 6A, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83...
 

Entropy:
7.6842

Code size:
121.5 KB (124,416 bytes)

The file wp.exe has been discovered within the following program.

Web Protect for Windows by Web Protect
Web Protect is a web browser extension and toolbar that delivers contextual advertising and modifies the user's web browser home and search pages to provide advertising and search.
87% remove it
 
Powered by Should I Remove It?
