wajam_64.exe.patcher

The file wajam_64.exe.patcher has been detected as malware by 2 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “WajaIntEn Monitor”. This file is typically installed with the program Wajam which is a potentially unwanted software program. While running, it connects to the Internet address e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com on port 80 using the HTTP protocol.
Version:
1.58.10.2

MD5:
c5f704cb3038688cbf318a556a07cdf0

SHA-1:
2aae31ab3233db845f5e9d9844d2596d3a5676aa

SHA-256:
c4eae2d7a4fa8eba1978180fd876ea7145921e7d19c0d83d4cfa1269ca44f654

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/24/2024 5:18:24 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
W32/Ramnit.A
7.11.30.172

Reason Heuristics
Threat.Win.Reputation.IMP
16.1.3.14

File size:
2.7 MB (2,830,848 bytes)

Product version:
1.58.10.2

Copyright:
Copyright (C) 2014

Common path:
C:\Program Files\wajainten\wajam_64.exe.patcher

File PE Metadata
Compilation timestamp:
12/18/2015 11:18:29 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:5mDbxAx4IZ2zwLyqg5XGHaQBgGMKdE/5ZbT4Vvq:2XOgGMtAQ

Entry address:
0x150E40

Entry point:
48, 83, EC, 28, E8, 0B, 0C, 02, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 18, 48, 89, 4C, 24, 08, 55, 56, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 20, 41, 8B, E9, 45, 8B, F0, 4C, 8B, FA, 48, 85, D2, 74, 03, 48, 89, 0A, 48, 85, C9, 75, 17, E8, F8, EC, FF, FF, C7, 00, 16, 00, 00, 00, E8, 95, F9, 00, 00, 33, C0, E9, 8D, 01, 00, 00, 45, 85, C0, 74, 09, 41, 8D, 40, FE, 83, F8, 22, 77, DB, 0F, B7, 31, 33, FF, 48, 8D, 59, 02, 44, 8D, 6F, 08, EB, 07, 0F, B7, 33, 48, 83, C3, 02, 41, 8B...
 
[+]

Entropy:
6.1979

Code size:
1.8 MB (1,891,328 bytes)

Service
Display name:
WajaIntEn Monitor

Type:
Win32OwnProcess


The file wajam_64.exe.patcher has been discovered within the following program.

Wajam  by Wajam
Wajam is a search-enhancement product, but it does not change homepage or search. This product shows display and/or text ads into third-party websites which may alter normal web page layouts.
www.wajam.com
73% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com  (131.153.5.194:80)

Remove wajam_64.exe.patcher - Powered by Reason Core Security