RemoveWAT.exe

RemoveWAT

Hazar & Co.

The application RemoveWAT.exe has been detected as a potentially unwanted program by 30 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Panda Antivirus Pro 2015 by Panda Security and Toolwiz Time Freeze 2016 by ToolWiz. The file has been seen being downloaded from s1132.chomikuj.pl and multiple other hosts.
Publisher:
Hazar & Co.

Product:
RemoveWAT

Version:
2.2.6.0

MD5:
bfacf78644ca41fd6d4b23976e7574a1

SHA-1:
6bdc28b673d25481a7a5828aca6efd87d2c90b14

SHA-256:
94a1a26f61b015c2ced2fd50bdba4070b6c9aec7d2938fbf7eb9e99960d3b7a9

Scanner detections:
30 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:17:23 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Hacktool.RemoveWAT.A
1142

Agnitum Outpost
HackTool.Wpakill
7.1.1

AhnLab V3 Security
PUP/Win32.101Alemi
2014.01.03

Avira AntiVirus
SPR/Tool.WPAkill.B.10
7.11.123.26

avast!
Win32:Wpakill [PUP]
2014.9-131219

AVG
HackTool
2014.0.3620

Bitdefender
Application.Hacktool.RemoveWAT.A
1.0.20.1765

Bkav FE
W32.Clod181.Trojan
1.3.0.4613

Clam AntiVirus
Hacktool.Crack.WPA
0.98/18155

Comodo Security
ApplicUnwnt.Win32.WPAkill.~A
17542

Dr.Web
Tool.Siggen.6228
9.0.1.0353

F-Prot
W32/Backdoor2.HKVF
v6.4.7.1.166

F-Secure
Application.Hacktool.RemoveWAT
11.2013-19-12_5

G Data
Application.Hacktool.RemoveWAT
13.12.22

IKARUS anti.virus
HackTool.Win32.Wpakill
t3scan.2.2.29

Kaspersky
not-a-virus:RiskTool.Win32.WatKill
14.0.0.4595

Malwarebytes
HackTool.Wpakill
v2013.12.19.10

McAfee
Artemis!BFACF78644CA
5600.7276

Microsoft Security Essentials
HackTool:Win32/Wpakill.B
1.165.247.01

MicroWorld eScan
Application.Hacktool.RemoveWAT.A
14.0.0.1059

NANO AntiVirus
Trojan.Win32.Wpakill.cscntg
0.28.0.57029

Norman
Suspicious_Gen2.KFAML
11.20131225

Reason Heuristics
Unnamed.Threat.46
14.3.2.14

Rising Antivirus
PE:Trojan.Win32.Generic.124713F0!306648048
23.00.65.131217

Sophos
RemoveWAT
4.96

SUPERAntiSpyware
Hacktool.WPAKill
10885

Trend Micro House Call
HKTL_WPAKILL
7.2.353

Trend Micro
HKTL_WPAKILL
10.465.19

VIPRE Antivirus
Trojan.Win32.Generic
25034

ViRobot
JS.A.Iframe.6663680
2011.4.7.4223

File size:
6.4 MB (6,664,704 bytes)

Product version:
2.2.6.0

Copyright:
Copyright Hazar & Co. © 2010

Original file name:
RemoveWAT.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\removewat.exe

File PE Metadata
Compilation timestamp:
9/20/2010 12:05:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:G33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAyq:QyKnZrrLGA3PhsKPkG0tWu

Entry address:
0x64390E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.1471

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.3 MB (6,560,256 bytes)

The file RemoveWAT.exe has been discovered within the following programs.

Panda Antivirus Pro 2015  by Panda Security
www.pandasecurity.com/redirector/?app=Home&prod=114&lang=eng&custom=173956
About 6% of users remove it
www.Toolwiz.com
About 4% of users remove it
 
Powered by Should I Remove It?

The file RemoveWAT.exe has been seen being distributed by the following 50 URLs.

http://s1132.chomikuj.pl/File.aspx?e=ax6hkyad34sg9cPvh0D8PJsvJzP3Qs5ccsW84ThgzEAjAjWM91U4u5C_BcnlpBCPgk08DtJrvgynkpwJI9-oNBanecfI0WQH8L1xZjxHElKScAb81p8mKtXtRUn6WvpNFIAY73pbDCdw0zCwCw8HDg&pv=2

https://onedrive.live.com/download.aspx?cid=F7B106FFBD33AA6E&resid=F7B106FFBD33AA6E!805&canary=oNGTxbwYcymr lwqOT0unI92Tiyat7a9S8pcyswvX1Q=8&ithint=.exe

https://doc-14-ak-docs.googleusercontent.com/docs/securesc/117leg1vl91n7mf5rpsdft1kdk2k4tea/sdad0c9n1bfbt2f7npa0l7g8fgm17nrk/1427616000000/.../06976365020014373475/0Byh188ejIdYDU1dRRVk2UFpldmc?e=download

https://docs.google.com/uc?export=download&confirm=Muep&id=0Bx5y374aS7RUbnEyNmtTeWxGekE

https://onedrive.live.com/download.aspx?cid=DEAD72B7E605307F&resid=DEAD72B7E605307F!146&canary=RtdWHK9HfkGx2OCFYRv7PvQf7CG2HxYhjbcHzcl2bBo=4&ithint=.exe

https://ssbccg-ch3302.files.1drv.com/.../RemoveWAT.exe

ftp://158.108.96.50/Software/Webtip computer/วิธีแก้ windows Genuine Advantage/.../RemoveWAT 2.2.6.exe

http://www71.zippyshare.com/d/88373028/.../RemoveWAT_2.2.6.exe

http://rs14.rodfile.com:8182/d/.../REMOVEWAT.EXE

https://nowy.tlen.pl/api/v2/mails/messages/10001-99a87d99cea78ac54751a036/.../1.2

http://windows7-aktivator.ru/.../download.php?id=5

http://dc593.4shared.com/download/.../RemoveWAT_v226.exe

http://download1093.mediafire.com/7g1eld467dbg/.../RemoveWAT 2.2.6.exe

http://rs14.rodfile.com:8182/d/.../REMOVEWAT.EXE

https://doc-00-1o-docs.googleusercontent.com/docs/securesc/pg47otn72fbpq8ugdg6qsnjkmulgv0sn/t0hsa61bo0dlpbfp8m4ms0t2q96ut9il/1463248800000/.../10433799104110110059/0B7vvM12V4mhmdS03Z2gwaHdkbVE?e=download

http://saacsoftware.com/instalacao/utilitades/Programas Gerais/.../Win7_RemoveWAT.exe

https://mega.nz/temporary/.../1MFCzK5L

https://mega.nz/persistent/.../PMxXwayI

https://cloclo15.cldmail.ru/HdkT2aDDVJwdttotPLu/G/.../sn8L3iBtk?key=a16f47a82fea7ceb63a1388f2ff76782fdc1a549

https://mg.mail.yahoo.com/.../download?m=YaDownload&mid=2_0_0_1_3166054_AEZ2w0MAAALaVeAqKwugkD97kos&fid=Inbox&pid=2&clean=0&appid=YahooMailNeo&ymreqid=691a7339-2186-a7a1-0184-92000f010000

https://mega.nz/temporary/.../Tg812ASB

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-07-9fdJckDBfAiZoYofbQpCR0xQ-oBDsHLKQW0jYklMRa_4eTLNpmhsHgmwoIWPGBmBxuc2UTjmHlmQVvjcwMQ/messages/@.id==AIso5C4AAAcyUoeNFAAAADZDBlc/content/parts/@.id==2/raw?appid=YahooMailNeo&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBYzySBYraYUTnvCtODsNKqlYRimjvXiDc0aJFr4r8Kdug&error=https://ro-mg42.mail.yahoo.com/.../iframemsg?id=0e104eb6-c317-a407-4e8b-0c8ad5f2dd9b&ymreqid=98a6dff5-0183-9f45-0102-d30032010000

http://super-tuto.com/download/.../?wpdmdl=2525

https://onedrive.live.com/download.aspx?cid=012866580FAEB7A7&resid=12866580FAEB7A7!2230&ithint=.exe

http://www.sahavit.com/TRO/.../RemoveWAT.exe

http://www3.uptobox.com/d/.../RemoveWAT.exe

http://dc341.4shared.com/download/.../removewat_v226.exe

https://dl-web.dropbox.com/get/PC??/.../RemoveWAT_2.2.exe

http://wehaslinks.com/down_cc/.../RemoveWAT 2.2.6.exe

https://dl-web.dropbox.com/get/.../RemoveWAT.exe

Latest 30 of 105 download URLs

Remove RemoveWAT.exe - Powered by Reason Core Security