wajam.exe

Wajam

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application wajam.exe has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.
Publisher:
Wajam

Product:
Wajam

Version:
4.0

MD5:
e0505c476cfb8d924cd2ee3a7438c680

SHA-1:
1571e84cfc9fa56fe9740c1b266d482881a404e4

SHA-256:
9713325ca49a2dcacc67cc23a3d247b9ba0ec08b9636db78cd9d8a9df4d3f153

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 12:09:59 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Dropper.J
861

Baidu Antivirus
PUA.Win32.Wajam
4.0.3.14927

Bitdefender
Adware.Dropper.J
1.0.20.1350

Dr.Web
Trojan.DownLoader10.51888
9.0.1.0270

Emsisoft Anti-Malware
Adware.Dropper
8.14.09.27.10

ESET NOD32
Win32/OutBrowse
8.9888

F-Secure
Adware.Dropper.J
11.2014-27-09_7

G Data
Adware.Dropper
14.9.24

herdProtect (fuzzy)
2014.12.9.1

K7 AntiVirus
Trojan
13.178.12292

Malwarebytes
PUP.Optional.Wajam.A
v2014.09.27.10

MicroWorld eScan
Adware.Dropper.J
15.0.0.810

nProtect
Adware.Dropper.J
14.06.03.01

Reason Heuristics
PUP.Wajam.F
14.9.27.10

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.0

VIPRE Antivirus
Wajam
29902

File size:
112.6 KB (115,303 bytes)

Copyright:
© Wajam

Trademarks:
Wajam

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wajam.exe

File PE Metadata
Compilation timestamp:
12/6/2009 9:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:3gXdZt9P6D3XJCNFShubiFlCAHfJLbpO5K/:3e34YNshu+vCMR/pOU/

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.1239

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file wajam.exe has been seen being distributed by the following 2 URLs.

Remove wajam.exe - Powered by Reason Core Security