avawss.exe

The application avawss.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. The file has been observed being downloaded from 73616081-509517242719949032.preview.editmysite.com.

MD5:
b4434e7c666026ffe3dfd7823fb7f273

SHA-1:
7efcdcf4e873e7ade8343bab7661e1b64b5e14df

SHA-256:
e687d81ab85f412e6a0feae30220abc09a3bd981d9afba5b9624c9c3e5c90388

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
2/25/2025 1:47:13 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Strictor.47721 | 336 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| AhnLab V3 Security | Malware/Win32.Generic | 2016.03.02 |
| Avira AntiVirus | TR/Dropper.MSIL.267152 | 8.3.3.2 |
| Arcabit | Trojan.Strictor.DBA69 | 1.0.0.656 |
| AVG | Atros3 | 2017.0.2814 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.1634 |
| Bitdefender | Gen:Variant.Strictor.47721 | 1.0.20.320 |
| Clam AntiVirus | Win.Trojan.Agent-982717 | 0.98/21511 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.47721 | 8.16.03.04.08 |
| ESET NOD32 | MSIL/Kryptik.EFI (variant) | 10.13113 |
| Fortinet FortiGate | MSIL/Kryptik.EHW!tr | 3/4/2016 |
| F-Secure | Gen:Variant.Strictor.47721 | 11.2016-04-03_6 |
| G Data | Gen:Variant.Strictor.47721 | 16.3.25 |
| IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.2.0.8.0 |
| K7 AntiVirus | Trojan | 13.214.18909 |
| Kaspersky | Trojan.MSIL.Zapchast | 14.0.0.566 |
| McAfee | RDN/Generic.grp | 5600.6470 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Strictor.47721 | 17.0.0.192 |
| Qihoo 360 Security | Win32/Trojan.Dropper.0f1 | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16302 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47598 |
| ViRobot | Trojan.Win32.Z.Strictor.82944.A[h] | 2014.3.20.0 |

File size:
81 KB (82,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\avawss.exe

File PE Metadata
Compilation timestamp:
2/28/2016 8:59:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:un05m42ZuoxFxogrBnMDDj/2unIp87qjh3rmKPN:u05m42Zuod/rqDDj/2uINjZqMN

Entry address:
0xE37E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.1789

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
49 KB (50,176 bytes)

The file avawss.exe has been seen being distributed by the following URL.
