wajam_64.exe.patcher

The file wajam_64.exe.patcher has been detected as malware by 2 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “WajaIntEn Monitor”. This file is typically installed with the program Wajam, which is a potentially unwanted software program. While running, it connects to the Internet address e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com on port 80 using the HTTP protocol.
Version:
1.58.10.2

MD5:
c5f704cb3038688cbf318a556a07cdf0

SHA-1:
2aae31ab3233db845f5e9d9844d2596d3a5676aa

SHA-256:
c4eae2d7a4fa8eba1978180fd876ea7145921e7d19c0d83d4cfa1269ca44f654

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/23/2024 11:50:45 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Ramnit.A | 7.11.30.172
Reason Heuristics | Threat.Win.Reputation.IMP | 16.1.3.14

File size:
2.7 MB (2,830,848 bytes)

Product version:
1.58.10.2

Copyright:
Copyright (C) 2014

Common path:
C:\Program Files\wajainten\wajam_64.exe.patcher

File PE Metadata
Compilation timestamp:
12/18/2015 11:18:29 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:5mDbxAx4IZ2zwLyqg5XGHaQBgGMKdE/5ZbT4Vvq:2XOgGMtAQ

Entry address:
0x150E40

Entry point:
48, 83, EC, 28, E8, 0B, 0C, 02, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 18, 48, 89, 4C, 24, 08, 55, 56, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 20, 41, 8B, E9, 45, 8B, F0, 4C, 8B, FA, 48, 85, D2, 74, 03, 48, 89, 0A, 48, 85, C9, 75, 17, E8, F8, EC, FF, FF, C7, 00, 16, 00, 00, 00, E8, 95, F9, 00, 00, 33, C0, E9, 8D, 01, 00, 00, 45, 85, C0, 74, 09, 41, 8D, 40, FE, 83, F8, 22, 77, DB, 0F, B7, 31, 33, FF, 48, 8D, 59, 02, 44, 8D, 6F, 08, EB, 07, 0F, B7, 33, 48, 83, C3, 02, 41, 8B...
 

Entropy:
6.1979

Code size:
1.8 MB (1,891,328 bytes)

Service
Display name:
WajaIntEn Monitor

Type:
Win32OwnProcess


The file wajam_64.exe.patcher has been discovered within the following program.

Wajam by Wajam
Wajam is a search-enhancement product, but it does not change the homepage or search settings. This product shows display and/or text ads in third-party websites, which may alter normal web page layouts.
www.wajam.com
73% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com  (131.153.5.194:80)
