ewsa.exe

ElcomSoft Co.Ltd. ewsa

ElcomSoft Co.Ltd.

This is a setup program used to install the application. The file has been seen being downloaded from www.tusfiles.net, a web site host operated by Artur Kozak that is known to distribute potentially unwanted software, and from multiple other hosts.
Publisher:
ElcomSoft Co.Ltd.

Product:
ElcomSoft Co.Ltd. ewsa

Description:
Elcomsoft Wireless Security Auditor

Version:
5,0,252, 0

MD5:
11d444a5ed212e12c9dc4ea162ff781d

SHA-1:
bd46ffc897d2bf88fa0b0a716ac9d850e091bb5a

SHA-256:
ee28ff77bd477641928d990839a53c811c0c6a0380a1d649d951c0a8557ce1c9

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/5/2024 11:19:57 PM UTC

Scan engine | Detection | Engine version
Bkav FE | HW32.CDB | 1.3.0.4959
Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14517

File size:
3.8 MB (4,002,304 bytes)

Product version:
5,0,252, 0

Copyright:
Copyright (c) 2009-2012 ElcomSoft Co.Ltd.

Original file name:
ewsa.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\elcomsoft wireless\lz0\ewsa.exe

File PE Metadata
Compilation timestamp:
3/21/2012 9:04:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:anz9SPjXaoRVbCwWI+YUeoCalZFaqBAHziJ0:az9SjVrbnWhYUeoPJk

Entry address:
0x88B000

Entry point:
60, 68, 20, AF, C9, 00, 6A, 40, 68, 00, 10, 00, 00, 68, 00, 00, 40, 00, 68, 10, AF, C9, 00, FF, 15, 44, 62, C4, 00, 68, 00, AF, C9, 00, 50, FF, 15, C8, 61, C4, 00, A3, A0, AF, C9, 00, FF, D0, BE, 00, A0, C9, 00, BF, 00, 00, 40, 00, B9, 00, 04, 00, 00, F3, A4, 68, 20, AF, C9, 00, 6A, 40, 68, 00, 10, 00, 00, FF, 35, A0, AF, C9, 00, FF, 15, A0, AF, C9, 00, A1, A0, AF, C9, 00, C6, 00, E9, BB, 00, B2, C8, 00, 2B, 1D, A0, AF, C9, 00, 83, EB, 05, 89, 58, 01, 61, E9, 1C, A2, FC, FF, 00, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
1.6 MB (1,701,376 bytes)

The file ewsa.exe has been discovered within the following programs.

Advanced Office Password Recovery  by ElcomSoft Co. Ltd.
Publisher's description - “Advanced Office Password Recovery is a program to recover lost or forgotten passwords to files/documents created in Microsoft Office components (all versions up to Office 2003) and other Microsoft software: Word, Excel, Access (including user-level passwords and owner information), Project, Money, PowerPoint, Publisher, Visio, OneNote, Backup, Schedule+, Mail.”
www.elcomsoft.com/aopr.html
4% remove it

Elcomsoft Internet Password Breaker  by ElcomSoft Co. Ltd.
Publisher's description - “Elcomsoft Internet Password Breaker instantly reveals Internet passwords, retrieves login and password information protecting a variety of Web resources and mailboxes in various email clients.”
www.elcomsoft.com/einpb.html
About 1% of users remove it

Elcomsoft Phone Password Breaker  by ElcomSoft Co. Ltd.
www.elcomsoft.ru
About 9% of users remove it

Elcomsoft Wireless Security Auditor  by ElcomSoft Co. Ltd.
www.elcomsoft.com
About 2% of users remove it
 
Powered by Should I Remove It?

The file ewsa.exe has been seen being distributed by the following 3 URLs.
