» wsearch.exe
Overview
Analysis
File Details
Network (9)

wsearch.exe

The executable wsearch.exe has been detected as malware by 24 anti-virus scanners.

File name:

wsearch.exe

MD5:

4baeb326ae2d3c6f9ae76a2db280a80c

SHA-1:

0391014582ff158ac2965f08c144ecc2a6a568d2

SHA-256:

79ff8cecea718653ffdcd38fbd67a80cbc844f0629588f99d5205096d2c63266

Scanner detections:

24 / 68

Status:

Malware

Analysis date:

11/25/2024 1:14:59 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1499584

1071

Avira AntiVirus

TR/Agent.137216.37

7.11.133.206

avast!

Win32:Trojan-gen

2014.9-140301

AVG

Delf

2015.0.3549

Baidu Antivirus

Trojan.Win32.Delf

4.0.3.1431

Bitdefender

Trojan.GenericKD.1499584

1.0.20.300

Bkav FE

W32.GaripeL.Trojan

1.3.0.4959

Comodo Security

UnclassifiedMalware

17852

Dr.Web

Trojan.DownLoad3.31391

9.0.1.060

Emsisoft Anti-Malware

Trojan.GenericKD.1499584

8.14.03.01.12

ESET NOD32

Win32/Delf.RSG

8.9477

F-Secure

Trojan.GenericKD.1499584

11.2014-01-03_7

G Data

Trojan.GenericKD.1499584

14.3.24

IKARUS anti.virus

Win32.Trojan

t3scan.2.2.29

K7 AntiVirus

Trojan

13.176.11278

McAfee

RDN/Generic.grp!go

5600.7205

MicroWorld eScan

Trojan.GenericKD.1499584

15.0.0.180

Norman

Troj_Generic.RTWZM

11.20140301

nProtect

Trojan.GenericKD.1499584

14.02.27.01

Panda Antivirus

Trj/CI.A

14.03.01.12

Rising Antivirus

PE:Trojan.Delphi!6.3D4

23.00.65.14227

Trend Micro House Call

TROJ_GEN.R0CBB01AL14

7.2.60

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

26890

File size:

134 KB (137,216 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\wsearch\wsearch.exe

File PE Metadata

Compilation timestamp:

8/1/2013 8:06:07 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

3072:kk+dWtm5ot2y2NcLbtwTBf8Pp888888888888W88888888888:kk+1TOwTB0R888888888888W8888888X

Entry address:

0x15178

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 10, 2B, 41, 00, E8, E3, 34, FF, FF, BB, 78, EE, 41, 00, 33, C0, 55, 68, 5A, 52, 41, 00, 64, FF, 30, 64, 89, 20, 68, 68, 52, 41, 00, E8, 3E, 36, FF, FF, A3, 50, 98, 41, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, A1, 38, CC, 41, 00, 50, 6A, 00, BA, 84, 52, 41, 00, B8, 84, 52, 41, 00, B9, 00, 00, 00, 80, E8, C1, 36, FF, FF, A3, 74, EE, 41, 00, 68, 94, EE, 41, 00, 6A, 00, 6A, 00, 68, 3C, 27, 41, 00, 6A, 00, 6A, 00, E8, E1, 34, FF, FF, A3, 40, 98, 41, 00, EB, 46, 8B, 43... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

77.5 KB (79,360 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to winpop.zomro.com (93.170.141.184:80)

TCP (HTTP):

Connects to vz1.hostlife.net (195.16.91.27:80)

TCP:

Connects to otlichnik1.planetahost.ru (185.31.160.180:444)

TCP (HTTP):

Connects to mailbora.beget.ru (91.106.203.91:80)

TCP (HTTP SSL):

Connects to mad06s25-in-f131.1e100.net (216.58.201.131:443)

TCP (HTTP):

Connects to hosted-by.leaseweb.com (5.79.83.10:80)

TCP (HTTP):

Connects to fortpoint.amerinoc.com (216.17.111.105:80)

TCP (HTTP):

Connects to ec2-23-23-97-1.compute-1.amazonaws.com (23.23.97.1:80)

TCP (HTTP):

Connects to 199.189.108.72.static.midphase.com (199.189.108.72:80)

Remove wsearch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.