home

Wajamu

Publisher Information

Wajamu is a software publisher located in Herzlia, Israel*. The company is a primary distributor of unwanted software.
Authority:
Thawte, Inc.

Valid from:
8/26/2013 2:00:00 AM

Valid to:
8/27/2014 1:59:59 AM

Subject:
CN=Wajamu, O=Wajamu, L=Herzlia, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
254859747f512412bb92cb81d0c020a7

Scanner detections:
Detections  (98% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Wajamu.J, PUP.Wajamu.X, PUP.Wajamu.K, PUP.Wajamu.L, PUP.Wajamu.H, PUP.Wajamu.P, PUP.Installer.Wajamu.J, PUP.Wajamu.I, PUP.Wajam.Wajamu (M), PUP.Wajam.Wajamu.Installer (M), PUP.Wajam (M)
98.00%

VIPRE Antivirus
Threat.4895337, Wajamu
78.00%

ESET NOD32
Win32/Toolbar.Perion.J potentially unwanted application, Win64/Toolbar.Perion.B potentially unwanted application, Win32/Toolbar.BitCocktail.B potentially unwanted application
22.00%

Dr.Web
Adware.Shopper.816, Adware.Shopper.423
22.00%

Baidu Antivirus
Trojan.Win32.Bitcoinminer, Adware.Win32.BitCocktail
16.00%

ESET NOD32
Win32/Toolbar.BitCocktail (variant)
12.00%

Trend Micro House Call
TROJ_GEN.F47V0609, Suspicious_GEN.F47V0610, Suspicious_GEN.F47V0624, Suspicious_GEN.F47V0630, Suspicious_GEN.F47V0701
10.00%

avast!
Win64:Adware-gen [Adw], Win32:Adware-CXS [PUP]
10.00%

Malwarebytes
PUP.Optional.SweetPacks.A
8.00%

Fortinet FortiGate
Riskware/Toolbar_BitCocktail
2.00%

1 / 68      (Adware)
extensionupdaterservice.exe  (42c928316c733f97998257b3211258ed)

1 / 68      (Adware)
v-bates.exe (by Wajamu)  (9d27868636b94ff7a73e1a4033090989)

1 / 68      (Adware)
vstub.exe  (a94c3a80d638fa536ba3ef70f5d534ff)

1 / 68      (Adware)
libwinhook.dll  (e3a30f4440a0587da28b409709c9e262)

1 / 68      (Adware)
libinject2.dll  (59e60eb568a75635ba2ed38d832aa892)

1 / 68      (Adware)
vstub.exe  (563d1c643b85e956a1baae91c85c9e03)

4 / 68      (Adware)
tmp000000f2bbd029ee4336440e (dgchrome)  (dc2a687c4ff4bf819c46092ae01b925b)

1 / 68      (Adware)
playzy_demo_e37616f438b898cb86e3.exe (by Wajamu)  (cfc655f70031d601f96198bf75456a52)

1 / 68      (Adware)
vstub.exe  (536e7ad961d44ceb0c9353ba6404651c)

1 / 68      (Adware)
v-bates-us.exe  (4899afea4d76f8e4cfaab1df97b944d5)

1 / 68      (Adware)
playzy_beta_be72144834ffb7bc1f46.exe (by Wajamu)  (0e28c9c7f5d55af5576bacc9ce4a5818)

1 / 68      (Adware)
notifier.exe (Notifications by Wajamu)  (a6d45e8fe0c45a427c2cc4c6198936c9)

2 / 68      (Adware)
plbar.exe  (73d3344f8280bc27c68551d7de019cdb)

2 / 68      (inconclusive)
nmhclient.exe  (33a068860a6ac07ba534e838cf838729)

4 / 68      (Adware)
extension32.dll  (81391e0177f7f853f89ac488fa6ab20d)

2 / 68      (Adware)
installerhelper.dll  (bf563395148f80109c8af674febde69c)

6 / 68      (Adware)
extension64.dll  (6047ff74d5f44577390893cb1ecbc5ea)

7 / 68      (Adware)
extensionupdaterservice.exe  (1f3750e1ad57627092fda7610493d26e)

2 / 68      (Adware)
prefhelper.exe  (e24427accb0ec148bbad970d77c73749)

2 / 68      (Adware)
installerhelper.dll  (d196a5253c6f4c2af863178c2b59b88c)

5 / 68      (Adware)
extension64.dll  (b4b13bd45dcd100318140d29a22b41a6)

2 / 68      (Adware)
nmhclient.exe  (39f807280fc23a978f2e19f1039d9154)

5 / 68      (Adware)
v-bates.exe (by Wajamu)  (efbbf05c27e939155c74cbd94c177fb3)

4 / 68      (Adware)
extension32.dll  (b4b2543730aac1ac3a36e50d41016287)

2 / 68      (Adware)
prefhelper.exe  (46adcab02f4155ab51b24cf0c7df5597)

5 / 68      (Adware)
extensionupdaterservice.exe  (2fc21ddca3f8b7c07d0c02daf1427931)

6 / 68      (Adware)
v-bates.exe (by Wajamu)  (baca27621ddf43b487b774889790ed2e)

2 / 68      (Adware)
installerhelper.dll  (89c8dac195f306f554a050b93dc41952)

6 / 68      (Adware)
extension64.dll  (4e7e246f75c749abb9ce21bea5a1d397)

4 / 68      (Adware)
extension32.dll  (80dd212285e270636393e462732c8b90)

 
Latest 30 of 84 files

Downloads URLs for files signed by Wajamu.

6 / 68      (Adware)
http://24b9c2b31b06c472fcca-681664e3535063ecf3a37aa4fc97770c.r32.cf5.rackcdn.com/prime/.../v-bates.exe  (baca27621ddf43b487b774889790ed2e)

1 / 68      (Adware)
http://4588de65602251a77644-70eaad95d276c54a2feaa67d7824ba83.r7.cf5.rackcdn.com/glispa/.../playzy_demo_E37616F438B898CB86E3.exe  (cfc655f70031d601f96198bf75456a52)

4 / 68      (Adware)
http://24b9c2b31b06c472fcca-681664e3535063ecf3a37aa4fc97770c.r32.cf5.rackcdn.com/prime/.../v-bates.exe  (370cb1e4fda048b8757eb6236213691c)

5 / 68      (Adware)
http://24b9c2b31b06c472fcca-681664e3535063ecf3a37aa4fc97770c.r32.cf5.rackcdn.com/prime/.../v-bates.exe  (efbbf05c27e939155c74cbd94c177fb3)

7 / 68      (Adware)
http://24b9c2b31b06c472fcca-681664e3535063ecf3a37aa4fc97770c.r32.cf5.rackcdn.com/prime/.../v-bates.exe  (4d36df53b9342a4b858d9b81d7db8928)

The following websites host and distribute files published by Wajamu.

24b9c2b31b06c472fcca-681664e3535063ecf3a37aa4fc97770c.r32.cf5.rackcdn.com

4588de65602251a77644-70eaad95d276c54a2feaa67d7824ba83.r7.cf5.rackcdn.com

The following publishers (by Authenticode signature organization name) are related.

Passion Fruit Tech

Somoto Israel

* Note, the details and description above are based on the code signing digital signature issued to Wajamu by Thawte, Inc. on August 26, 2013 with the serial number '254859747f512412bb92cb81d0c020a7'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.