WTool.EXE

WTool

WooJung ITS

The application WTool.EXE by WooJung ITS has been detected as a potentially unwanted program by 28 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the HKLM Run registry key) with the name ‘WTool’.

Publisher:
WooJung ITS Corp. (signed by WooJung ITS)

Product:
WTool

Version:
1, 0, 0, 3

MD5:
3d733b265c0f343d1cc92bb2b8047682

SHA-1:
b06e6658ef865c03b676636bf68791da63628d47

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 8:51:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.11053 | 350 |
| Agnitum Outpost | Adware.Kraddare | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.NBiz | 2016.01.12 |
| Avira AntiVirus | TR/Graftor.11053.1 | 8.3.2.4 |
| Arcabit | Trojan.Adware.Graftor.D2B2D | 1.0.0.642 |
| AVG | Skodna.Generic | 2017.0.2828 |
| Bitdefender | Gen:Variant.Adware.Graftor.11053 | 1.0.20.255 |
| Clam AntiVirus | Win.Adware.Graftor-1 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 23958 |
| Dr.Web | Trojan.DownLoader5.31182 | 9.0.1.051 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.11053 | 8.16.02.20.10 |
| ESET NOD32 | Win32/Adware.Kraddare.GN (variant) | 10.12853 |
| Fortinet FortiGate | Riskware/Kraddare | 2/20/2016 |
| F-Secure | Gen:Variant.Adware.Graftor | 11.2016-20-02_7 |
| G Data | Gen:Variant.Adware.Graftor.11053 | 16.2.25 |
| Malwarebytes | Adware.Kraddare | v2016.02.20.10 |
| McAfee | Artemis!3D733B265C0F | 5600.6484 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.11053 | 17.0.0.153 |
| Panda Antivirus | Generic Malware | 16.02.20.10 |
| Qihoo 360 Security | Win32/Trojan.15d | 1.0.0.1077 |
| Quick Heal | Adware.WTool.r4 (Not a Virus) | 2.16.14.00 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16218 |
| Sophos | Generic PUA LA (PUA) | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FraudScan | 9312 |
| Trend Micro House Call | ADW_KRADDARE | 7.2.51 |
| Trend Micro | ADW_KRADDARE | 10.465.20 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46442 |
| Zillya! Antivirus | Adware.Kraddare.Win32.376 | 2.0.0.2603 |

File size:
38.1 KB (39,032 bytes)

Product version:
1, 0, 0, 3

Copyright:
(c) WooJung ITS. All rights reserved.

Original file name:
WTool.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\wtool\wtool.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/11/2012 9:00:00 AM

Valid to:
5/12/2013 8:59:59 AM

Subject:
CN=WooJung ITS, O=WooJung ITS, L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F9271CF4DE60DE37A832FF7C03AA9DE

File PE Metadata
Compilation timestamp:
12/19/2011 1:40:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:QuBjyRdvywixiKx751PEup3NJ3z18WpNc39g67Svc3mirILUfuf9:QuNyRvVKx751BvHp239g6oHIILU8

Entry address:
0x30CC

Entry point:
55, 8B, EC, 6A, FF, 68, 70, 45, 40, 00, 68, C0, 30, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 24, 42, 40, 00, 59, 83, 0D, 90, 63, 40, 00, FF, 83, 0D, 94, 63, 40, 00, FF, FF, 15, 28, 42, 40, 00, 8B, 0D, 84, 63, 40, 00, 89, 08, FF, 15, 2C, 42, 40, 00, 8B, 0D, 80, 63, 40, 00, 89, 08, A1, 30, 42, 40, 00, 8B, 00, A3, 8C, 63, 40, 00, E8, 16, 01, 00, 00, 39, 1D, A0, 62, 40, 00, 75, 0C, 68, 4E, 32, 40, 00, FF, 15, 34, 42...

Entropy:
4.4261

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WTool

Command:
C:\Program Files\wtool\wtool.exe

