adwcleanera_setup.exe

AdwareBooC

WAT Software Rotterdam

The application adwcleanera_setup.exe by WAT Software Rotterdam has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from ddr5ram.com.

Publisher:
WAT Software Rotterdam (signed and verified)

Product:
AdwareBooC

Version:
1.0.0.0

MD5:
9a9b63761b916cfb65bf708741dfecbc

SHA-1:
df66bcb51cdceaf7a92cad8e90dad9dbf8e3114c

SHA-256:
478880104d344cb9d13a2e9534cbfe0f04c8b4d314ca759ea71127c74aaa99fd

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:24:45 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.136047 | 395 |
| Agnitum Outpost | FraudTool.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.FakeAV | 2015.08.23 |
| Avira AntiVirus | TR/FakeAV.171112 | 8.3.1.6 |
| Arcabit | Trojan.Zusy.D2136F | 1.0.0.425 |
| avast! | Win32:FakeAV-FLW [Trj] | 2014.9-160106 |
| Baidu Antivirus | Trojan.Win32.FakeAV | 4.0.3.1616 |
| Bitdefender | Gen:Variant.Zusy.136047 | 1.0.20.30 |
| Dr.Web | Trojan.FakeAV.17850 | 9.0.1.06 |
| Emsisoft Anti-Malware | Trojan.Win32.FakeScan | 8.16.01.06.10 |
| ESET NOD32 | MSIL/Hoax.Agent.NBO | 10.12137 |
| F-Secure | Gen:Variant.Zusy.136047 | 11.2016-06-01_4 |
| G Data | Gen:Variant.Zusy.136047 | 16.1.25 |
| IKARUS anti.virus | Trojan.Fakeav | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.2016976 |
| Malwarebytes | Trojan.FakeAdwareCleaner.A | v2016.01.06.10 |
| McAfee | Artemis!9A9B63761B91 | 5600.6529 |
| MicroWorld eScan | Gen:Variant.Zusy.136047 | 17.0.0.18 |
| NANO AntiVirus | Trojan.Win32.FakeAV.dusvbh | 0.30.24.3079 |
| Panda Antivirus | Trj/CI.A | 16.01.06.10 |
| Quick Heal | TrojanFakeAV.Agent.r3 | 1.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R0E2C0OCV15 | 10.465.06 |
| Vba32 AntiVirus | TrojanFakeAV.Agent | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43124 |
| ViRobot | Trojan.Win32.S.Agent.171112.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Agent.Win32.520987 | 2.0.0.2366 |

File size:
167.1 KB (171,112 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
AdwareBooC.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\adwcleanera_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/14/2014 8:00:00 PM

Valid to:
7/15/2015 7:59:59 PM

Subject:
CN=WAT Software Rotterdam, O=WAT Software Rotterdam, STREET=Zestienhovensekade 197, L=Rotterdam, S=Zuid Holland, PostalCode=3043KM, C=NL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5182E5B24A4BCE268960C54B36E71D02

File PE Metadata
Compilation timestamp:
1/14/2015 5:33:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:h8MKvzKUmy91BH91Be/MbNBQ3MypF06N25xOTbJV30U:qey/BH/Be00Mypk5sRWU

Entry address:
0x2952E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.6387

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
157.5 KB (161,280 bytes)

The file adwcleanera_setup.exe has been seen being distributed by the following URL.