wpc_ar_201385172254_qvo6.exe

Banyan Tree Technology Limited

The application wpc_ar_201385172254_qvo6.exe by Banyan Tree Technology Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from i1.reportbox3.info and multiple other hosts.
Publisher:
Banyan Tree Technology Limited (signed and verified)

Version:
2.0.2.2580

MD5:
a1011b0cc6834d4d5f1ba087694b4002

SHA-1:
bd47485f2bdae45a3bf187892af124393baf814d

SHA-256:
d0de1093592c36cedd00209a2206f06f9e0c1639d3a4ddea007c212598566b2c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
2/24/2025 10:43:19 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BanyanTreeTechnology (M)

Engine version:
16.1.17.11

File size:
334.6 KB (342,608 bytes)

Product version:
2.0.2.2580

Copyright:
Copyright (C) 2013

Original file name:
iXB.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\wpc_ar_201385172254_qvo6.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/10/2013 12:18:54 PM

Valid to:
1/11/2015 12:18:54 PM

Subject:
CN=Banyan Tree Technology Limited, O=Banyan Tree Technology Limited, L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C63E4490F9D28667737C8DE7D3B6805D

File PE Metadata
Compilation timestamp:
7/26/2013 1:27:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:RH1psCDvWTGnKD6CJq1ff6S5uOjNr6iXIBIK1WNeix+zEfzdy:5PTRnoUJVNT46KMwzWzdy

Entry address:
0xBF0E0

Entry point:
60, BE, 00, F0, 46, 00, 8D, BE, 00, 20, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.8881

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
324 KB (331,776 bytes)

The file wpc_ar_201385172254_qvo6.exe has been seen being distributed by the following 2 URLs.

http://i1.reportbox3.info/.../wpc_ar_201385172254_qvo6.exe

Remove wpc_ar_201385172254_qvo6.exe - Powered by Reason Core Security