wpc_sweet-page.exe

28_wpc

Skytouch Technology Co., Limited

The application wpc_sweet-page.exe by Skytouch Technology Co., Limited has been detected as adware by 14 anti-malware scanners. It is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from i1.stylezip.info and multiple other hosts.
Publisher:
Skytech Co., Ltd.  (signed by Skytouch Technology Co., Limited)

Product:
28_wpc

Description:
Skytech

Version:
5.1.0.208

MD5:
f9af7229398fa61d76eca2186b5769b7

SHA-1:
c38e5e48a86a6ff369ba0abe11d6e814163e8a47

SHA-256:
d5c972dab4036893a08a339e047bccac98ca4d1fbad0bebd91561d10de57a21a

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/23/2024 11:23:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen2 | 7.11.130.206 |
| avast! | Win32:Malware-gen | 2014.9-140412 |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.14412 |
| Dr.Web | Adware.Mutabaha.42 | 9.0.1.0102 |
| Emsisoft Anti-Malware | Adware.Win32.AppInstall | 8.14.04.12.11 |
| ESET NOD32 | Win32/ELEX | 8.9406 |
| Fortinet FortiGate | Riskware/Elex | 4/12/2014 |
| IKARUS anti.virus | Win32.Malware | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.SkyTech.A | v2014.04.12.11 |
| McAfee | Artemis!9CDEAD920A06 | 5600.7162 |
| Reason Heuristics | PUP.SkytouchTechnologyCoLimited.O | 14.4.12.23 |
| Trend Micro House Call | TROJ_GEN.F47V0130 | 7.2.102 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
551.6 KB (564,888 bytes)

Product version:
5.1.0.208

Copyright:
Skytech Copyright (C) 2013

Original file name:
Main.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wpc_sweet-page.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/24/2013 8:52:17 AM

Valid to:
7/9/2014 11:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata
Compilation timestamp:
4/9/2014 9:44:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:wEAjok/3OBq/LceQRU3pKRv8y11vR6pG/0NZ:wEAjokPOBq/LcnRQpqvv11Jw/Z

Entry address:
0x28332

Entry point:
E8, EC, B0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 5E, 11, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 14, 75, 18, E8, C2, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, 13, 8A, 00, 00, 83, C8, FF, E9, 93, 00, 00, 00, 8B, 7D, 0C, 56, 8B, 75, 10, 85, F6, 74, 19, 85, FF, 75, 15, E8, 9B, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, EC, 89, 00, 00, 83, C8, FF, EB, 6E, B8, FF, FF, FF, 7F, 89, 45, E4, 3B, F0, 77, 03...
 

Code size:
278 KB (284,672 bytes)

The file wpc_sweet-page.exe has been seen distributed from the following 6 URLs.

http://i1.stylezip.info/.../wpc_sweet-page.exe
