Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
Additional versions
(Note, WhiteSmoke publishes each variation of this file with the same version, but the hashes are unique.)
Relationships
WSEnrichment.exe
WSEnrichment Application by WhiteSmoke
Version: | 1.0.6033.0 |
MD5: | 2e0b62615aa21a9fce189c9db9fdfced |
SHA1: | a53a56bfb53154ee4b7cdf7c61935a2965b71590 |
SHA256: | c02aa0525033d8dbd7310ec6f149d341a5bbfa19db33dc4a6cde81aa448dbd78 |
Warning 4 antivirus scanners has detected malware.
Overview
wsenrichment.exe is malware that executes as a process with the local user's privileges. During installation, it (or a shortcut) is added to the user's startup folder which is designed to automatically launch when the user logs into Windows. It is installed with a couple of know programs including WhiteSmoke published by WhiteSmoke and WhiteSmoke published by WhiteSmoke.
Details
File name: | wsenrichment.exe |
Publisher: | WhiteSmoke |
Product name: | WSEnrichment Application |
Typical file path: | C:\Program Files\whitesmoke\wsenrichment.exe |
File version: | 1.0.6033.0 |
Size: | 2.06 MB (2,162,688 bytes) |
Build date: | 4/12/2011 8:40 AM |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
Code language: | Microsoft Visual C++ 8.0 |
.NET CLR: | No |
More details
Programs
The following programs will install this file
WhiteSmoke is a toolbar for Intenet Explorer and Firefox. The toolbar collects and stores information about your web browsing habits and sends this information to WhiteSmoke so they can suggest services or provide advertising via the toolbar. The WhiteSmoke Toolbar will attempt to change your home page and search provider if you are not careful during installation and provides a search box and various other generic features in the toolb...
Behaviors
User start menu folder
Shortcut pointer placed in '%appdata%\Microsoft\Windows\Start Menu'
- Shortcut to 'wsenrichment.exe'
Network connections
[TCP] 63.236.35.10:80
[UDP] listens on port 62660
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Dr.Web |
8.13.10.6 |
Adware.WhiteSmoke.30 |
Emsisoft Anti-Malware |
3.0.0.575 |
Trojan.Win32.WhiteSmoke.AMN (A) |
eSafe |
7.0.17.0 |
Win32.WhiteSmoke |
Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1101 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00007461% | |
Kernel CPU: | 0.00000721% | |
User CPU: | 0.00006740% | |
Kernel CPU time: | 2,044 ms/min | |
CPU cycles: | 5,047,496/sec | |
Memory |
Private memory: | 45.38 MB | |
Private (maximum): | 66.23 MB | |
Private (minimum): | 1.12 MB | |
Non-paged memory: | 45.38 MB | |
Virtual memory: | 271.76 MB | |
Virtual memory (peak): | 284.96 MB | |
Working set: | 11.32 MB | |
Working set (peak): | 66.23 MB | |
Page faults: | 41,019/min | |
I/O |
I/O read transfer: | 1.42 KB/sec | |
I/O read operations: | 1/sec | |
I/O write transfer: | 3 Bytes/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 113 Bytes/sec | |
I/O other operations: | 7/sec | |
Resource allocations |
Threads: | 20 | |
Handles: | 435 | |
GUI GDI count: | 41 | |
GUI GDI peak: | 45 | |
GUI USER count: | 65 | |
GUI USER peak: | 74 | |
Process properties
Integrety level: | Medium |
Platform: | 64-bit |
Command line: | "C:\Program Files\whitesmoke\wsenrichment.exe" |
Owner: | User |
Threads
Averages
WSEnrichment.exe (main module) |
Total CPU: | 0.00083329% | |
Kernel CPU: | 0.00038352% | |
User CPU: | 0.00044977% | |
CPU cycles: | 1,608,499/sec | |
Memory: | 2.08 MB | |
wow64.dll (Win32 Emulation on NT64 by Microsoft) |
Total CPU: | 0.00006802% | |
Kernel CPU: | 0.00000523% | |
User CPU: | 0.00006279% | |
CPU cycles: | 2,366/sec | |
Memory: | 252 KB | |
ntdll.dll |
Total CPU: | 0.00004186% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.00004186% | |
CPU cycles: | 41,422/sec | |
Memory: | 1.66 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Home Premium |
50.00% |
|
Windows Vista Home Basic |
50.00% |
|
Distribution by country
United States installs about 50.00% of WSEnrichment Application.
Distribution by PC manufacturer
PC Manufacturer | distribution |
Dell |
66.67% |
|
Hewlett-Packard |
33.33% |
|