Virtuoso_Wam.exe

Virtuoso_Editor

VECO-GIS

The executable Virtuoso_Wam.exe has been detected as malware by 12 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from doc-0k-04-docs.googleusercontent.com.
Publisher:
VECO-GIS

Product:
Virtuoso_Editor

Version:
3.07

MD5:
a79cb47e2e228dd6312f45e087a17937

SHA-1:
93ba1478f056d51703999edfda1f7aad79407cbe

SHA-256:
8ac5a7b7127cbd24962b66e74c83e626de7032a672916e3da24874b1ae1ccae5

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
12/26/2024 1:17:58 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Vitro | 160327-1 |
| AVG | Win32/Virut | 2015.0.4355 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 11.5.0.6191 |
| ESET NOD32 | Win32/Virut.NBP virus | 8.0.319.0 |
| F-Prot | W32/Virut.AL!Generic | 4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 5.15.96 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.562 |
| McAfee | Virus.W32/Virut.n.gen | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.190.0 |
| Norman | Win32.Virtob.Gen.12 | 02.04.2016 17:35:19 |
| VIPRE Antivirus | Threat.4737366 | 29708 |

File size:
1.5 MB (1,567,232 bytes)

Product version:
3.07

Original file name:
Virtuoso_Wam.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\virtuoso_wam.exe

File PE Metadata
Compilation timestamp:
11/11/2010 11:00:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:PeAnOPUkoT2tBPmJzcPxBipEK0dTIuoeDt2Z6Bj16QVkVuDy017xjMsqFJlegl0O:PebM96+zcPDipMIuDD24P+0hNdEn

Entry address:
0x719AA0

Entry point:
8D, 00, 89, DB, 8D, 3F, 83, 3C, 24, FE, FC, 77, FE, 8D, 64, 24, CC, F9, 60, 90, 83, EC, DC, E8, 3E, FC, FF, FF, 83, D2, 63, 4B, 66, 4B, 75, FC, 2C, F9, 46, 90, FF, 73, 3C, 59, 4E, 81, E9, FD, FF, FF, 7F, 73, EA, B6, 66, B0, 65, 81, D9, E6, 13, 00, 00, 86, C0, 71, DC, 42, 48, 42, F5, FF, B4, 19, E4, 13, 00, 80, 8A, C3, 48, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C2, 48, 20, CD, 48, E9, 8F, FC, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8740  (probably packed)

Code size:
1.4 MB (1,519,616 bytes)

The file Virtuoso_Wam.exe has been seen being distributed by the following URL.
