r8zt.exe

RemoveWAT

Hazar & Co.

The application r8zt.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from l.facebook.com and multiple other hosts.
Publisher:
Hazar & Co.

Product:
RemoveWAT

Version:
2.2.5.0

MD5:
347c23328df393b95e29f9106379ed49

SHA-1:
416567a3bfafd5440e506a28bf305fc34967b95c

SHA-256:
88ebcfb830a2a32a9218273a053ae47b1778599057e29c4ebd494ce79e50097d

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:43:15 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Hacktool.RemoveWAT.A
1129

Agnitum Outpost
HackTool.Wpakill
7.1.1

AhnLab V3 Security
PUP/Win32.101Alemi
2013.12.20

Avira AntiVirus
SPR/Tool.WPAkill.B.7
7.11.123.202

avast!
Win32:PUP-gen [PUP]
2014.9-131223

AVG
HackTool
2015.0.3607

Bitdefender
Application.Hacktool.RemoveWAT.A
1.0.20.10

Bkav FE
W32.Clodf97.Trojan
1.3.0.4613

Clam AntiVirus
Hacktool.Crack.WPA
0.98/18355

Comodo Security
ApplicUnwnt.Win32.WPAkill.~A
17469

Dr.Web
Tool.Siggen.6228
9.0.1.02

F-Prot
W32/MalwareF.GUGF
v6.4.7.1.166

F-Secure
Application.Hacktool.RemoveWAT
11.2014-02-01_5

G Data
Application.Hacktool.RemoveWAT
14.1.22

IKARUS anti.virus
HackTool.Win32.Wpakill
t3scan.2.2.29

Kaspersky
not-a-virus:RiskTool.Win32.WatKill
14.0.0.4528

Malwarebytes
HackTool.Wpakill
v2013.12.23.03

McAfee
Artemis!347C23328DF3
5600.7272

Microsoft Security Essentials
HackTool:Win32/Wpakill.B
1.165.247.01

MicroWorld eScan
Application.Hacktool.RemoveWAT.A
15.0.0.6

Norman
Suspicious_Gen2.KFAML
11.20131223

Rising Antivirus
PE:Trojan.Win32.Generic.124713F0!306648048
23.00.65.131231

Sophos
RemoveWAT
4.96

SUPERAntiSpyware
Hacktool.WPAKill
10890

Trend Micro House Call
HKTL_WPAKILL
7.2.2

Trend Micro
HKTL_WPAKILL
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
25168

ViRobot
JS.A.Iframe.6663680
2011.4.7.4223

File size:
6.4 MB (6,663,680 bytes)

Product version:
2.2.5.0

Copyright:
Copyright Hazar & Co. © 2010

Original file name:
RemoveWAT.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\r8zt.exe

File PE Metadata
Compilation timestamp:
2/26/2010 7:57:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:p33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAyT:dyKnZrrLGA3PhsKPkG09WP

Entry address:
0x64349E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.3 MB (6,559,232 bytes)

The file r8zt.exe has been seen being distributed by the following 15 URLs.

http://l.facebook.com/l.php?u=http://www.seguidoresny.org/Predicas/2011/Remove WAT v2.2.5.2/.../RemoveWAT.exe&h=0AQF4n9ud&s=1

http://ftp.jaist.ac.jp/pub/sourceforge/s/si/.../RemoveWAT.exe

about:internet

https://dl-web.dropbox.com/get/.../RemoveWAT.exe

https://doc-00-8o-docs.googleusercontent.com/docs/securesc/8feca2u0dlntqg773cac12s09s9uldcp/43gjh1i6udecfmkqbh9h9fa1re6jkoua/1483768800000/.../06117801155167270888/0Bw6cNQINDKvHR2hwX0dTaXMySE0?e=download

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-VbUK9qvU8t933rfH0yS7oTmofVxaQpOxTF5qZRDoJY-gvmXcy-rJMFnl31PiR4AS-OZtZrw2rULBXQ-scIJXZQ/messages/@.id==AOt2w0MAOiAcV9kLkQnbcBYnEeo/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBawgd2LcoRApOOgKR9BPSH1BcCplcr-oJm_-hR324v6qPeRTMyYH55ZhAjwnCvq9Ig6y0cZDZK87O4GU8LnZAz6&error=https://us-mg4.mail.yahoo.com/.../iframemsg?id=37be172c-498c-a529-8655-d33243910dc6&ymreqid=10dcba47-2417-c776-0181-040094010000

http://dl.revenyou.com/Files//Setup_product_7799.exe

http://fisierulmeu.ro/.../?id=42QF8IWO741A&key=aHR0cDovL3MyLmZpc2llcnVsbWV1LnJvOjgxL2R3bl9saW5rcy84ODRmYzVmNzUyNDJhYzQxZDU1NmNkOTZiM2RiODBjNC81MTVmMWViNi80Mi80MlFGOElXTzc0MUEvbmFtZS9bd3d3LmZpc2llcnVsbWV1LnJvXSBSZW1vdmVXQVQuZXhl&uploader_id=

http://www.seguidoresny.org/Predicas/2011/Remove WAT v2.2.5.2/.../RemoveWAT.exe

Remove r8zt.exe - Powered by Reason Core Security