Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Advanced SystemCare Pro Review IObit Coupons A Good Utility Program From IObit IObit Driver Booster Pro Review IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs IObit Software Coupons & Promo Code

FP on WpaTray - 180Solutions.ncase


Recommended Posts

Ran IObit 360 for the first time and got a threat on WgaTray.exe. Ran it through Virustotal and got the following result.

 

File WgaTray.exe received on 2010.06.27 14:45:06 (UTC)

Current status: finished

Result: 1/41 (2.44%)

Compact Compact

Print results Print results

Antivirus Version Last Update Result

a-squared 5.0.0.30 2010.06.27 -

AhnLab-V3 2010.06.27.01 2010.06.27 -

AntiVir 8.2.4.2 2010.06.25 -

Antiy-AVL 2.0.3.7 2010.06.25 -

Authentium 5.2.0.5 2010.06.26 -

Avast 4.8.1351.0 2010.06.27 -

Avast5 5.0.332.0 2010.06.27 -

AVG 9.0.0.836 2010.06.27 -

BitDefender 7.2 2010.06.27 -

CAT-QuickHeal 10.00 2010.06.26 -

ClamAV 0.96.0.3-git 2010.06.27 -

Comodo 5234 2010.06.27 -

DrWeb 5.0.2.03300 2010.06.27 -

eSafe 7.0.17.0 2010.06.24 Win32.Banker

eTrust-Vet 36.1.7668 2010.06.25 -

F-Prot 4.6.1.107 2010.06.27 -

F-Secure 9.0.15370.0 2010.06.26 -

Fortinet 4.1.133.0 2010.06.27 -

GData 21 2010.06.27 -

Ikarus T3.1.1.84.0 2010.06.27 -

Jiangmin 13.0.900 2010.06.27 -

Kaspersky 7.0.0.125 2010.06.27 -

McAfee 5.400.0.1158 2010.06.27 -

McAfee-GW-Edition 2010.1 2010.06.25 -

Microsoft 1.5902 2010.06.27 -

NOD32 5232 2010.06.27 -

Norman 6.05.10 2010.06.27 -

nProtect 2010-06-27.02 2010.06.27 -

Panda 10.0.2.7 2010.06.27 -

PCTools 7.0.3.5 2010.06.27 -

Prevx 3.0 2010.06.27 -

Rising 22.53.04.05 2010.06.25 -

Sophos 4.54.0 2010.06.27 -

Sunbelt 6513 2010.06.27 -

Symantec 20101.1.0.89 2010.06.27 -

TheHacker 6.5.2.0.303 2010.06.25 -

TrendMicro 9.120.0.1004 2010.06.27 -

TrendMicro-HouseCall 9.120.0.1004 2010.06.27 -

VBA32 3.12.12.5 2010.06.25 -

ViRobot 2010.6.26.3907 2010.06.26 -

VirusBuster 5.0.27.0 2010.06.27 -

Additional information

File size: 304944 bytes

MD5 : b202d32c55ab828e3364109875f210f0

SHA1 : cdd70a37480535c95e3479aac37cf0b7331cc7d0

SHA256: d2d588a246033d262d804f2de028b458fe6459375e733809539af031846525b7

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x3254

timedatestamp.....: 0x44972F7F (Tue Jun 20 01:13:03 2006)

machinetype.......: 0x14C (Intel I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x3259C 0x32600 6.74 d1f43c09453a6be8588d903ab4c5ba44

.data 0x34000 0xA7A4 0x6800 4.45 e22a82f8a28cc96ad5e480f140480b2c

.rsrc 0x3F000 0xF9CC 0xFA00 3.76 25266bf81188f4d649b84750f6217058

 

( 8 imports )

 

> advapi32.dll: RegSetValueExA, RegCreateKeyExA, LookupAccountNameW, CopySid, GetLengthSid, RegQueryValueExW, RegSetValueExW, RegCreateKeyExW, GetTokenInformation, OpenProcessToken, OpenThreadToken, CryptReleaseContext, CryptDestroyKey, CryptAcquireContextA, CryptDestroyHash, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptDecrypt, RegNotifyChangeKeyValue, RegQueryValueExA, RegOpenKeyExA, RegCloseKey

> crypt32.dll: CryptUnprotectData, CryptProtectData

> kernel32.dll: SetEndOfFile, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, ReleaseMutex, CreateMutexW, WaitForSingleObject, CreateThread, CreateEventW, GetCurrentProcess, SetProcessWorkingSetSize, WaitForMultipleObjects, GetTempPathA, GetFileAttributesA, CreateDirectoryA, CreateFileA, WriteFile, CloseHandle, SetEvent, GetLastError, GetVersionExA, DeleteCriticalSection, InitializeCriticalSection, GetLocaleInfoA, GetACP, InterlockedExchange, FlushInstructionCache, ReadFile, GetFileSize, CreateFileMappingA, GetModuleHandleA, GetStartupInfoW, HeapFree, ExitProcess, GetProcAddress, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsAlloc, SetLastError, GetCurrentThread, TlsFree, TlsSetValue, TlsGetValue, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, VirtualQuery, LeaveCriticalSection, EnterCriticalSection, HeapAlloc, VirtualAlloc, HeapReAlloc, HeapSize, WideCharToMultiByte, GetTimeZoneInformation, LoadLibraryA, GetOEMCP, GetCPInfo, GetStringTypeA, GetStringTypeW, SetFilePointer, GetUserDefaultLCID, LCMapStringA, LCMapStringW, VirtualProtect, GetSystemInfo, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, FlushFileBuffers, FindClose, FindFirstFileW, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemDefaultLCID, FreeLibrary, CreateDirectoryW, GetCurrentDirectoryW, LocalFree, InterlockedIncrement, InterlockedDecrement, TryEnterCriticalSection, GetVolumeInformationA, CompareFileTime, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, GetSystemTime, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetComputerNameW, GetProcessHeap, SetFileAttributesW, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CreateFileW, UnmapViewOfFile, MapViewOfFile, InitializeCriticalSectionAndSpinCount, CreateEventA, Sleep, GetVersion

> ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoCreateInstance, CLSIDFromProgID, CoCreateGuid, StringFromGUID2, CoSetProxyBlanket, CoInitializeEx

> oleaut32.dll: -, -, -, -, -, -, -, -

> shell32.dll: ShellExecuteA, Shell_NotifyIconW

> user32.dll: RegisterWindowMessageW, CreateWindowExW, PostMessageW, KillTimer, LoadImageW, LoadStringW, DestroyMenu, ShowWindow, SetForegroundWindow, GetCursorPos, SetMenuDefaultItem, DeleteMenu, UpdateWindow, GetMessageW, TranslateMessage, DispatchMessageW, TrackPopupMenu, LoadCursorW, RegisterClassExW, DefWindowProcW, PostQuitMessage, GetDoubleClickTime, SetTimer, LoadMenuW, GetSubMenu, LoadIconW, GetSystemMetrics, GetDesktopWindow

> wininet.dll: InternetSetOptionA, InternetErrorDlg, InternetCloseHandle, InternetOpenA

 

( 0 exports )

TrID : File type identification

68.0% (.EXE) Win32 Executable Generic (8527/13/3)

15.9% (.EXE) Generic Win/DOS Executable (2002/3)

15.9% (.EXE) DOS Executable Generic (2000/1)

0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)

ThreatExpert: http://www.threatexpert.com/report.aspx?md5=b202d32c55ab828e3364109875f210f0

ssdeep: 6144:5ZlWJjHLs8V7fgSne4DqYpytHs//15gTYb4xZJan:wVHLX1neEq4ytE16xw

sigcheck: publisher....: Microsoft Corporation

copyright....: © 1995-2006 Microsoft Corporation

product......: Windows Genuine Advantage

description..: Windows Genuine Advantage Notification

original name: WgaTray.exe

internal name: WgaNotify

file version.: 1.5.0540.0

comments.....: n/a

signers......: Microsoft Corporation

Microsoft Code Signing PCA

Microsoft Root Authority

signing date.: 12:19 AM 6/20/2006

verified.....: -

PEiD : -

RDS : NSRL Reference Data Set

 

 

Thanks

 

Paul

Link to comment
Share on other sites

Ran IObit 360 for the first time and got a threat on WgaTray.exe. Ran it through Virustotal and got the following result.

 

File WgaTray.exe received on 2010.06.27 14:45:06 (UTC)

Current status: finished

Result: 1/41 (2.44%)

Compact Compact

Print results Print results

Antivirus Version Last Update Result

a-squared 5.0.0.30 2010.06.27 -

AhnLab-V3 2010.06.27.01 2010.06.27 -

AntiVir 8.2.4.2 2010.06.25 -

Antiy-AVL 2.0.3.7 2010.06.25 -

Authentium 5.2.0.5 2010.06.26 -

Avast 4.8.1351.0 2010.06.27 -

Avast5 5.0.332.0 2010.06.27 -

AVG 9.0.0.836 2010.06.27 -

BitDefender 7.2 2010.06.27 -

CAT-QuickHeal 10.00 2010.06.26 -

ClamAV 0.96.0.3-git 2010.06.27 -

Comodo 5234 2010.06.27 -

DrWeb 5.0.2.03300 2010.06.27 -

eSafe 7.0.17.0 2010.06.24 Win32.Banker

eTrust-Vet 36.1.7668 2010.06.25 -

F-Prot 4.6.1.107 2010.06.27 -

F-Secure 9.0.15370.0 2010.06.26 -

Fortinet 4.1.133.0 2010.06.27 -

GData 21 2010.06.27 -

Ikarus T3.1.1.84.0 2010.06.27 -

Jiangmin 13.0.900 2010.06.27 -

Kaspersky 7.0.0.125 2010.06.27 -

McAfee 5.400.0.1158 2010.06.27 -

McAfee-GW-Edition 2010.1 2010.06.25 -

Microsoft 1.5902 2010.06.27 -

NOD32 5232 2010.06.27 -

Norman 6.05.10 2010.06.27 -

nProtect 2010-06-27.02 2010.06.27 -

Panda 10.0.2.7 2010.06.27 -

PCTools 7.0.3.5 2010.06.27 -

Prevx 3.0 2010.06.27 -

Rising 22.53.04.05 2010.06.25 -

Sophos 4.54.0 2010.06.27 -

Sunbelt 6513 2010.06.27 -

Symantec 20101.1.0.89 2010.06.27 -

TheHacker 6.5.2.0.303 2010.06.25 -

TrendMicro 9.120.0.1004 2010.06.27 -

TrendMicro-HouseCall 9.120.0.1004 2010.06.27 -

VBA32 3.12.12.5 2010.06.25 -

ViRobot 2010.6.26.3907 2010.06.26 -

VirusBuster 5.0.27.0 2010.06.27 -

Additional information

File size: 304944 bytes

MD5 : b202d32c55ab828e3364109875f210f0

SHA1 : cdd70a37480535c95e3479aac37cf0b7331cc7d0

SHA256: d2d588a246033d262d804f2de028b458fe6459375e733809539af031846525b7

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x3254

timedatestamp.....: 0x44972F7F (Tue Jun 20 01:13:03 2006)

machinetype.......: 0x14C (Intel I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x3259C 0x32600 6.74 d1f43c09453a6be8588d903ab4c5ba44

.data 0x34000 0xA7A4 0x6800 4.45 e22a82f8a28cc96ad5e480f140480b2c

.rsrc 0x3F000 0xF9CC 0xFA00 3.76 25266bf81188f4d649b84750f6217058

 

( 8 imports )

 

> advapi32.dll: RegSetValueExA, RegCreateKeyExA, LookupAccountNameW, CopySid, GetLengthSid, RegQueryValueExW, RegSetValueExW, RegCreateKeyExW, GetTokenInformation, OpenProcessToken, OpenThreadToken, CryptReleaseContext, CryptDestroyKey, CryptAcquireContextA, CryptDestroyHash, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptDecrypt, RegNotifyChangeKeyValue, RegQueryValueExA, RegOpenKeyExA, RegCloseKey

> crypt32.dll: CryptUnprotectData, CryptProtectData

> kernel32.dll: SetEndOfFile, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, ReleaseMutex, CreateMutexW, WaitForSingleObject, CreateThread, CreateEventW, GetCurrentProcess, SetProcessWorkingSetSize, WaitForMultipleObjects, GetTempPathA, GetFileAttributesA, CreateDirectoryA, CreateFileA, WriteFile, CloseHandle, SetEvent, GetLastError, GetVersionExA, DeleteCriticalSection, InitializeCriticalSection, GetLocaleInfoA, GetACP, InterlockedExchange, FlushInstructionCache, ReadFile, GetFileSize, CreateFileMappingA, GetModuleHandleA, GetStartupInfoW, HeapFree, ExitProcess, GetProcAddress, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsAlloc, SetLastError, GetCurrentThread, TlsFree, TlsSetValue, TlsGetValue, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, VirtualQuery, LeaveCriticalSection, EnterCriticalSection, HeapAlloc, VirtualAlloc, HeapReAlloc, HeapSize, WideCharToMultiByte, GetTimeZoneInformation, LoadLibraryA, GetOEMCP, GetCPInfo, GetStringTypeA, GetStringTypeW, SetFilePointer, GetUserDefaultLCID, LCMapStringA, LCMapStringW, VirtualProtect, GetSystemInfo, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, FlushFileBuffers, FindClose, FindFirstFileW, GetSystemDirectoryA, GetSystemDirectoryW, GetSystemDefaultLCID, FreeLibrary, CreateDirectoryW, GetCurrentDirectoryW, LocalFree, InterlockedIncrement, InterlockedDecrement, TryEnterCriticalSection, GetVolumeInformationA, CompareFileTime, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, GetSystemTime, GetPrivateProfileStringW, GetPrivateProfileSectionW, GetComputerNameW, GetProcessHeap, SetFileAttributesW, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CreateFileW, UnmapViewOfFile, MapViewOfFile, InitializeCriticalSectionAndSpinCount, CreateEventA, Sleep, GetVersion

> ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoCreateInstance, CLSIDFromProgID, CoCreateGuid, StringFromGUID2, CoSetProxyBlanket, CoInitializeEx

> oleaut32.dll: -, -, -, -, -, -, -, -

> shell32.dll: ShellExecuteA, Shell_NotifyIconW

> user32.dll: RegisterWindowMessageW, CreateWindowExW, PostMessageW, KillTimer, LoadImageW, LoadStringW, DestroyMenu, ShowWindow, SetForegroundWindow, GetCursorPos, SetMenuDefaultItem, DeleteMenu, UpdateWindow, GetMessageW, TranslateMessage, DispatchMessageW, TrackPopupMenu, LoadCursorW, RegisterClassExW, DefWindowProcW, PostQuitMessage, GetDoubleClickTime, SetTimer, LoadMenuW, GetSubMenu, LoadIconW, GetSystemMetrics, GetDesktopWindow

> wininet.dll: InternetSetOptionA, InternetErrorDlg, InternetCloseHandle, InternetOpenA

 

( 0 exports )

TrID : File type identification

68.0% (.EXE) Win32 Executable Generic (8527/13/3)

15.9% (.EXE) Generic Win/DOS Executable (2002/3)

15.9% (.EXE) DOS Executable Generic (2000/1)

0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)

ThreatExpert: http://www.threatexpert.com/report.aspx?md5=b202d32c55ab828e3364109875f210f0

ssdeep: 6144:5ZlWJjHLs8V7fgSne4DqYpytHs//15gTYb4xZJan:wVHLX1neEq4ytE16xw

sigcheck: publisher....: Microsoft Corporation

copyright....: © 1995-2006 Microsoft Corporation

product......: Windows Genuine Advantage

description..: Windows Genuine Advantage Notification

original name: WgaTray.exe

internal name: WgaNotify

file version.: 1.5.0540.0

comments.....: n/a

signers......: Microsoft Corporation

Microsoft Code Signing PCA

Microsoft Root Authority

signing date.: 12:19 AM 6/20/2006

verified.....: -

PEiD : -

RDS : NSRL Reference Data Set

 

 

Thanks

 

Paul

 

Hi pew3841

 

After scanning, please save a report of the scanning result and send to us.

And then, you can upload or send us your suspicious file(WgaTray.exe), we can further investigate it and We can determine the false positive or not he is.

We are looking forward to your reply.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...