wpc_sweet-page.exe

28_wpc

Skytouch Technology Co., Limited

The application wpc_sweet-page.exe by Skytouch Technology Co., Limited has been detected as adware by 13 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www.po114.us.
Publisher:
Skytech Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
28_wpc

Description:
Skytech

Version:
3.1.0.3440

MD5:
a80f63186a1414870c0cbad62faab942

SHA-1:
8cc8da9756e9570c0bfec163f84c07a5efd96214

SHA-256:
f31861392a72394dc2ab75bf59c66820ef85d83a3141774572abed13c6300d19

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/23/2024 11:30:19 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/Adware.Gen2
7.11.130.188

avast!
Win32:Malware-gen
2014.9-140320

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.1439

Dr.Web
Adware.Mutabaha.42
9.0.1.079

Emsisoft Anti-Malware
Adware.Win32.AppInstall
8.14.03.20.02

ESET NOD32
Win32/ELEX (variant)
8.9518

Fortinet FortiGate
Riskware/Elex
3/20/2014

IKARUS anti.virus
Win32.Malware
t3scan.2.2.29

Malwarebytes
PUP.Optional.SkyTech.A
v2014.03.09.04

McAfee
Artemis!9CDEAD920A06
5600.7185

Reason Heuristics
PUP.SkytouchTechnologyCoLimited.O
14.3.20.14

Trend Micro House Call
TROJ_GEN.F47V0306
7.2.68

File size:
859.1 KB (879,768 bytes)

Product version:
3.1.0.3440

Copyright:
Skytech Copyright (C) 2013

Original file name:
Main.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wpc_sweet-page.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 4:52:17 PM

Valid to:
7/9/2014 7:29:59 PM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
3/6/2014 7:25:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:T3UZ+VvHrkVaQP2TOlUW+AbINXBpcJnYF2/MFk/rJlaiiGOm9:T3UZUfri+alUW+dXBkk2PRGM

Entry address:
0x63E9C

Entry point:
E8, D5, CA, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 94, 10, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 14, 75, 18, E8, F8, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, AB, 93, 00, 00, 83, C8, FF, E9, 93, 00, 00, 00, 8B, 7D, 0C, 56, 8B, 75, 10, 85, F6, 74, 19, 85, FF, 75, 15, E8, D1, 0D, 00, 00, C7, 00, 16, 00, 00, 00, E8, 84, 93, 00, 00, 83, C8, FF, EB, 6E, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, F0, 77, 03...
 
[+]

Code size:
534 KB (546,816 bytes)

The file wpc_sweet-page.exe has been seen being distributed by the following URL.

Remove wpc_sweet-page.exe - Powered by Reason Core Security