home

wpespy.dll

The module wpespy.dll has been detected as a potentially unwanted program by 38 anti-malware scanners. The file has been seen being downloaded from s10183.chomikuj.pl.
MD5:
3fb67ceab8fb223312492842d7901e01

SHA-1:
24d701c846e164d8e9823237393f4bdfeef48fc1

SHA-256:
f0dc0e0813b1c63f9c6e9250558cbb1ff255ce2f077c1fc84f7f8f1efee69f62

Scanner detections:
38 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 11:06:34 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Sniffer.Wpepro.E
1131

Agnitum Outpost
HackTool.Agent
7.1.1

AhnLab V3 Security
Win-Trojan/Wpepro.184320.B
2014.01.14

Avira AntiVirus
SPR/Tool.WpePro.140
7.11.125.16

avast!
Win32:WpePro-L [PUP]
2014.9-131230

AVG
Tool
2014.0.3609

Baidu Antivirus
HackTool.Win32.Sniffer-WpePro
4.0.3.131230

Bitdefender
Application.Sniffer.Wpepro.E
1.0.20.1820

Bkav FE
W32.CinstupidE.Trojan
1.3.0.4613

Clam AntiVirus
Win.Trojan.Wpepro-2
0.98/23195

Comodo Security
TrojWare.Win32.HackTool.Sniffer.WPEPRO
17606

Dr.Web
riskware program Program.Wpe
9.0.1.05190

Emsisoft Anti-Malware
HackTool.Win32.Sniffer.WpePro
8.13.12.30.01

ESET NOD32
Win32/Sniffer.WpePro.B trojan
6.3.12010.0

Fortinet FortiGate
Riskware/WepPro.B
12/30/2013

F-Prot
W32/VirTool.GO
4.6.5.141

F-Secure
Riskware.Application.GenericKD.3862988
5.16.24

G Data
Application.Sniffer.Wpepro
13.12.22

IKARUS anti.virus
Sniffer.Win32.WpePro
t3scan.2.2.29

K7 AntiVirus
Trojan
13.175.10825

Kaspersky
HackTool.Win32.Sniffer.WpePro
14.0.0.4542

Malwarebytes
HackTool.Sniffer.WpePro
v2013.12.30.01

McAfee
Sniff-WpePro
5600.7265

Microsoft Security Essentials
HackTool:Win32/WpePro
1.237.1055.0

MicroWorld eScan
Application.Sniffer.Wpepro.E
14.0.0.1092

NANO AntiVirus
Riskware.Win32.Sniffer-WpePro.hrnn
0.28.0.57029

Norman
WpePro.A
11.20131230

nProtect
Abuse-Worry/W32.Sniff.184320
14.01.13.01

Panda Antivirus
Sniffer/WpePro
13.12.30.01

Quick Heal
HackTool.Sniffer.WpePro.w (Not a Virus)
12.13.12.00

Sophos
Troj/WpePro-A
4.96

Total Defense
Win32/Cracker.AG
37.0.10498

Trend Micro House Call
TROJ_SPNR.0BBF13
7.2.14

Trend Micro
TROJ_SPNR.0BBF13
10.465.30

Vba32 AntiVirus
Sniffer.WpePro
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
25410

ViRobot
Sniffer.WpePro.184320
2011.4.7.4223

XVirus List
Win.Detected
2.3.31

File size:
180 KB (184,320 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\wpespy.dll

File PE Metadata
Compilation timestamp:
3/23/2004 8:41:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:aCDlRInSTu6xpi9Hk+o4xTTWVWWwBHt3HOgiHFEkOlZCYLtfo85k2B:aLSTVOkz4xTTWKteB2kOl7lo8+2B

Entry address:
0x4040

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, CC, CF, 00, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 9C, D6, 00, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, E7, FE, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, 90, E6, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, C3, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, B2, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
28 KB (28,672 bytes)

The file wpespy.dll has been seen being distributed by the following URL.

http://s10183.chomikuj.pl/File.aspx?e=0U9W5_1HTPuLwqlg9c-M3HjEWyCORwovcqnTMUR3r6lcUPY0ZOPwAG03FU-iaR3htv_vMsByBCve1dkCHBydPMWq3ZGyrw2aJ18vL6EaJKlX1qgmbcgpTkKl9cW0UY0uaiumbz_1hhghee-quq_gxw&pv=2

Remove wpespy.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.