Gridinsoft Logo
File Icon

WPE ULTRA.exe Virtool WpePro Analysis

Updated 11 months ago
Checked by Malaware Check
WPE ULTRA.exe

Technical Analysis

File Name WPE ULTRA.exe
File Type
PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.181.174
Database Version 2024-07-02 22:00:22 UTC

Virtool.Win32.WpePro.vb!s1

Malware family: WpePro

N/A
Detection Rate
831,488
File Size (bytes)
2024-07-02
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
e6ff045938397e095c06faf5b2a01dc3
SHA1
adc18a81929b25825e53c1dfc6627f545cfe80b0
SHA256
d14d94cc0925787c85d51b80a6485b803713123d84c4179c9f42939ea647b1c7
SHA512
48cf245d0ecd2b42cf6e52d20cdafae6908195df4c0acab49d586da30e6a3d875c37571b804ca19bcd321851e4abc004010eb205fe8af96f6a7b7537929a7d40
ImpHash
98b100e2a4307f647d34623b73d03cf7

PE Analysis

Basic Information

Icon
Hash: 9e1e3ecaa30e28eabc72c18ae7020e1b
Fuzzy: b78fd64e3a1b1f2a1552763d5393faa4
dHash: 8268f49a9999da12
Image Base 0x00400000
Entry Point 0x0044e076
Compilation Time 2004-03-23 07:41:37
Checksum 0x00000000 (Actual: 0x000cc075)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature The PE file does not contain a certificate table.
Imports 12 libraries
Exports 0 functions
Resources 78 Resources
Sections 5 Sections

Version Information

CompanyName Kanowah
FileDescription WPE ULTRA Application
FileVersion 2, 7, 5, 1
InternalName WPE ULTRA
LegalCopyright Copyright (C) 2009
LegalTrademarks .....
OriginalFilename WPE ULTRA.EXE
ProductName WPE ULTRA Application
ProductVersion 2, 7, 5, 1
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 577,629 bytes 581,632 bytes 6.51 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 2E8F88DAC14AE06BC4B786EA9A9C798A
.rdata 0x0008f000 112,308 bytes 114,688 bytes 4.47 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ AC16E2208C0DD52BE99B5CB7B2290F99
.data 0x000ab000 164,456 bytes 24,576 bytes 3.45 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5A37BAEC7852F26E6C46CC7E4CB235EB
Shared 0x000d4000 4 bytes 4,096 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 620F0B67A91F7F74151BC5BE745B7110
.rsrc 0x000d5000 101,072 bytes 102,400 bytes 3.90 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 55F91C1402C026814EBD9CEC750226DB
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 78 (97,012 bytes)
Resource Type Count Total Size Percentage
RT_CURSOR 1 308 bytes
0.3%
RT_BITMAP 9 69,870 bytes
72%
RT_ICON 11 8,440 bytes
8.7%
RT_MENU 5 1,340 bytes
1.4%
RT_DIALOG 16 9,650 bytes
9.9%
RT_STRING 17 6,156 bytes
6.3%
RT_ACCELERATOR 1 112 bytes
0.1%
RT_GROUP_CURSOR 1 20 bytes
0%
RT_GROUP_ICON 11 220 bytes
0.2%
RT_VERSION 1 792 bytes
0.8%
None 5 104 bytes
0.1%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Virtool.Win32.WpePro.vb!s1 Removal

Gridinsoft has the capability to identify and eliminate Virtool.Win32.WpePro.vb!s1 without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware