wpc_sweet-page.exe

445_wpc

Hefei Zhimingxingtong Software&Technology Co., Ltd.

The application wpc_sweet-page.exe by Hefei Zhimingxingtong Software&Technology Co. has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from i1.superstoragemy.com and multiple other hosts.
Publisher:

Product:
445_wpc

Description:
FileSyn

Version:
14.4.4.8

MD5:
29d3bf4c760843643a66ecd87ee602a9

SHA-1:
02622ace29219bf9499536890e7f03fc4a14616b

SHA-256:
9469ae4ec818ee440484f4454e99f5ad09087d45ac35ed4356b7579c9816749d

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:37:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Amonetiz | 2014.06.28 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.14619 |
| Dr.Web | Adware.Mutabaha.53 | 9.0.1.0170 |
| ESET NOD32 | Win32/ELEX.AJ (variant) | 8.9963 |
| Fortinet FortiGate | Riskware/Elex | 6/19/2014 |
| Reason Heuristics | PUP.HefeiZhimingxingtongSoftwareTechnologyCo.O | 14.7.10.1 |
| Total Defense | Win32/Tnega.fFNdbOB | 37.0.11006 |
| Trend Micro House Call | TROJ_GEN.F47V0606 | 7.2.191 |

File size:
675.2 KB (691,384 bytes)

Product version:
14.4.4.8

Copyright:
Copyright (C) 2014

Original file name:
FileSyn.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wpc_sweet-page.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/29/2013 2:07:05 AM

Valid to:
10/30/2014 2:07:05 AM

Subject:
CN="Hefei Zhimingxingtong Software&Technology Co., Ltd.", O="Hefei Zhimingxingtong Software&Technology Co., Ltd.", L=Hefei, S=Anhui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219E374B1001FFC6B983B5DE082D65401A

File PE Metadata
Compilation timestamp:
5/22/2014 12:42:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:7gmKVk5viTbVsmwH+pQlYoyWoWiemZPUdRtbQft72vUMUnFs9ek3eciQ:7JKLfBw9SZH2vInvI

Entry address:
0x5FC2F

Entry point:
E8, 32, D0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 7E, DD, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, B0, C5, FF, FF, 59, 33, C0, EB, 4D, 53, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 54, 88, 49, 00, FF, 15, 28, E2, 47, 00, 8B, D8, 85, DB, 75, 5E, 39, 05, B4, 8A, 49, 00, 74, 40, 56, E8, BB, 1F, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, AB, 1F, 00, 00, 59, E8, 13, E2, FF, FF, C7, 00, 0C, 00, 00, 00, 33, C0, 5B...
 

Code size:
500 KB (512,000 bytes)

The file wpc_sweet-page.exe has been seen being distributed by the following 2 URLs.
