wsearch.exe

The executable wsearch.exe has been detected as malware by 24 anti-virus scanners.
MD5:
4baeb326ae2d3c6f9ae76a2db280a80c

SHA-1:
0391014582ff158ac2965f08c144ecc2a6a568d2

SHA-256:
79ff8cecea718653ffdcd38fbd67a80cbc844f0629588f99d5205096d2c63266

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/25/2024 1:14:59 AM UTC

Scan engine           | Detection                              | Engine version
----------------------|----------------------------------------|-----------------
Lavasoft Ad-Aware     | Trojan.GenericKD.1499584               | 1071
Avira AntiVirus       | TR/Agent.137216.37                     | 7.11.133.206
avast!                | Win32:Trojan-gen                       | 2014.9-140301
AVG                   | Delf                                   | 2015.0.3549
Baidu Antivirus       | Trojan.Win32.Delf                      | 4.0.3.1431
Bitdefender           | Trojan.GenericKD.1499584               | 1.0.20.300
Bkav FE               | W32.GaripeL.Trojan                     | 1.3.0.4959
Comodo Security       | UnclassifiedMalware                    | 17852
Dr.Web                | Trojan.DownLoad3.31391                 | 9.0.1.060
Emsisoft Anti-Malware | Trojan.GenericKD.1499584               | 8.14.03.01.12
ESET NOD32            | Win32/Delf.RSG                         | 8.9477
F-Secure              | Trojan.GenericKD.1499584               | 11.2014-01-03_7
G Data                | Trojan.GenericKD.1499584               | 14.3.24
IKARUS anti.virus     | Win32.Trojan                           | t3scan.2.2.29
K7 AntiVirus          | Trojan                                 | 13.176.11278
McAfee                | RDN/Generic.grp!go                     | 5600.7205
MicroWorld eScan      | Trojan.GenericKD.1499584               | 15.0.0.180
Norman                | Troj_Generic.RTWZM                     | 11.20140301
nProtect              | Trojan.GenericKD.1499584               | 14.02.27.01
Panda Antivirus       | Trj/CI.A                               | 14.03.01.12
Rising Antivirus      | PE:Trojan.Delphi!6.3D4                 | 23.00.65.14227
Trend Micro House Call| TROJ_GEN.R0CBB01AL14                   | 7.2.60
Vba32 AntiVirus       | suspected of Trojan.Downloader.gen.h   | 3.12.24.3
VIPRE Antivirus       | Trojan.Win32.Generic                   | 26890

File size:
134 KB (137,216 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\wsearch\wsearch.exe

File PE Metadata
Compilation timestamp:
8/1/2013 8:06:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:kk+dWtm5ot2y2NcLbtwTBf8Pp888888888888W88888888888:kk+1TOwTB0R888888888888W8888888X

Entry address:
0x15178

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 10, 2B, 41, 00, E8, E3, 34, FF, FF, BB, 78, EE, 41, 00, 33, C0, 55, 68, 5A, 52, 41, 00, 64, FF, 30, 64, 89, 20, 68, 68, 52, 41, 00, E8, 3E, 36, FF, FF, A3, 50, 98, 41, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, A1, 38, CC, 41, 00, 50, 6A, 00, BA, 84, 52, 41, 00, B8, 84, 52, 41, 00, B9, 00, 00, 00, 80, E8, C1, 36, FF, FF, A3, 74, EE, 41, 00, 68, 94, EE, 41, 00, 6A, 00, 6A, 00, 68, 3C, 27, 41, 00, 6A, 00, 6A, 00, E8, E1, 34, FF, FF, A3, 40, 98, 41, 00, EB, 46, 8B, 43...

Developed / compiled with:
Microsoft Visual C++

Code size:
77.5 KB (79,360 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to winpop.zomro.com  (93.170.141.184:80)

TCP (HTTP):
Connects to vz1.hostlife.net  (195.16.91.27:80)

TCP:
Connects to otlichnik1.planetahost.ru  (185.31.160.180:444)

TCP (HTTP):
Connects to mailbora.beget.ru  (91.106.203.91:80)

TCP (HTTP SSL):
Connects to mad06s25-in-f131.1e100.net  (216.58.201.131:443)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (5.79.83.10:80)

TCP (HTTP):
Connects to fortpoint.amerinoc.com  (216.17.111.105:80)

TCP (HTTP):
Connects to ec2-23-23-97-1.compute-1.amazonaws.com  (23.23.97.1:80)

TCP (HTTP):
Connects to 199.189.108.72.static.midphase.com  (199.189.108.72:80)

Remove wsearch.exe - Powered by Reason Core Security