home

wwe_1.56.1.7.exe

preverttechnology.com

The application wwe_1.56.1.7.exe by preverttechnology.com has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from install-apps.com and multiple other hosts.
Publisher:
preverttechnology.com  (signed and verified)

MD5:
165c4fa595c1c933a58fbd9b4efb2ba0

SHA-1:
04dc8b1290ad723772461d9f9cd06068e5a14e96

SHA-256:
8a7826368db8ef5e74f0ab0110a04ca21293d9a33f187449e019193e59f38fa6

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/26/2024 6:08:30 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/MSIL_Injector.AE.gen
v6.4.7.1.166

G Data
NSIS.Application.Wajam
15.11.25

Malwarebytes
PUP.Optional.Wajam
v2015.11.28.06

NANO AntiVirus
Trojan.Nsis.Wajam.dqgtqq
0.30.26.4751

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1077

Reason Heuristics
PUP.Wajam.preverttechnology.Installer (M)
15.11.28.18

Rising Antivirus
NS:Adware.BrAppWare NS!1.A17E [F]
23.00.65.151126

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Wajamu
45482

Zillya! Antivirus
Adware.BrowseFox.Win32.184656
2.0.0.2536

File size:
3.7 MB (3,849,712 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\wwe_1.56.1.7.exe

Digital Signature
Signed by:
preverttechnology.com

Authority:
thawte, Inc.

Valid from:
8/24/2015 8:00:00 PM

Valid to:
8/24/2016 7:59:59 PM

Subject:
CN=preverttechnology.com, O=preverttechnology.com, L=Montreal, S=Quebec, C=CA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
043A590D27245C078EA6F029E994BE26

File PE Metadata
Compilation timestamp:
12/5/2009 5:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:c0hJWOIcA7jy9oj25O6P2mtsveh58PftTnEESSjmE1BrgPZzfNxQJp0Mbbsrqho2:zG9AO62nmDmftTEESSjBvWZzXIfeQoqX

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
[+]

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file wwe_1.56.1.7.exe has been seen being distributed by the following 4 URLs.

http://install-apps.com/.../WWE_1.56.1.7.exe

http://www.technologiegoyer.com/.../WWE_1.56.1.7.exe

http://wajam-download.com/.../WWE_1.56.1.7.exe

http://www.plateau-technologies.com/.../WWE_1.56.1.7.exe

Remove wwe_1.56.1.7.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.