ewsa.exe

ElcomSoft Co.Ltd. ewsa

ElcomSoft Co.Ltd.

This is a setup program which is used to install the application. The file has been seen being downloaded from www.tusfiles.net and multiple other hosts a web site host known to distribute potentially unwanted software operated by Artur Kozak.
Publisher:
ElcomSoft Co.Ltd.

Product:
ElcomSoft Co.Ltd. ewsa

Description:
Elcomsoft Wireless Security Auditor

Version:
5,0,252, 0

MD5:
11d444a5ed212e12c9dc4ea162ff781d

SHA-1:
bd46ffc897d2bf88fa0b0a716ac9d850e091bb5a

SHA-256:
ee28ff77bd477641928d990839a53c811c0c6a0380a1d649d951c0a8557ce1c9

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
12/26/2024 12:32:52 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.CDB
1.3.0.4959

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.14517

File size:
3.8 MB (4,002,304 bytes)

Product version:
5,0,252, 0

Copyright:
Copyright (c) 2009-2012 ElcomSoft Co.Ltd.

Original file name:
ewsa.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\elcomsoft wireless\lz0\ewsa.exe

File PE Metadata
Compilation timestamp:
3/21/2012 9:04:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:anz9SPjXaoRVbCwWI+YUeoCalZFaqBAHziJ0:az9SjVrbnWhYUeoPJk

Entry address:
0x88B000

Entry point:
60, 68, 20, AF, C9, 00, 6A, 40, 68, 00, 10, 00, 00, 68, 00, 00, 40, 00, 68, 10, AF, C9, 00, FF, 15, 44, 62, C4, 00, 68, 00, AF, C9, 00, 50, FF, 15, C8, 61, C4, 00, A3, A0, AF, C9, 00, FF, D0, BE, 00, A0, C9, 00, BF, 00, 00, 40, 00, B9, 00, 04, 00, 00, F3, A4, 68, 20, AF, C9, 00, 6A, 40, 68, 00, 10, 00, 00, FF, 35, A0, AF, C9, 00, FF, 15, A0, AF, C9, 00, A1, A0, AF, C9, 00, C6, 00, E9, BB, 00, B2, C8, 00, 2B, 1D, A0, AF, C9, 00, 83, EB, 05, 89, 58, 01, 61, E9, 1C, A2, FC, FF, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
1.6 MB (1,701,376 bytes)

The file ewsa.exe has been discovered within the following programs.

Advanced Office Password Recovery  by ElcomSoft Co. Ltd.
Publisher's description - “Advanced Office Password Recovery is a program to recover lost or forgotten passwords to files/documents created in Microsoft Office components (all versions up to Office 2003) and other Microsoft software: Word, Excel, Access (including user-level passwords and owner information), Project, Money, PowerPoint, Publisher, Visio, OneNote, Backup, Schedule+, Mail.”
www.elcomsoft.com/aopr.html
4% remove it
Elcomsoft Internet Password Breaker  by ElcomSoft Co. Ltd.
Publisher's description - “Elcomsoft Internet Password Breaker instantly reveals Internet passwords, retrieves login and password information protecting a variety of Web resources and mailboxes in various email clients.”
www.elcomsoft.com/einpb.html
About 1% of users remove it
Elcomsoft Phone Password Breaker  by ElcomSoft Co. Ltd.
www.elcomsoft.ru
About 9% of users remove it
Elcomsoft Wireless Security Auditor  by ElcomSoft Co. Ltd.
www.elcomsoft.com
About 2% of users remove it
 
Powered by Should I Remove It?

The file ewsa.exe has been seen being distributed by the following 3 URLs.

Scan ewsa.exe - Powered by Reason Core Security