» wajam_64.exe.patcher
Overview
Analysis
File Details
Programs (1)
Network (1)

wajam_64.exe.patcher

The file wajam_64.exe.patcher has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Wajam which is a potentially unwanted software program. While running, it connects to the Internet address e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com on port 80 using the HTTP protocol.

File name:

Version:

1.60.10.2

MD5:

a55297e550790ad3a4db7e1e5e0e1ec4

SHA-1:

43ebf99f14261f2d0514f9e95d7a5fe11ba3c7a6

SHA-256:

b89e4ded4cf99dd866fad89e814fdeb03bf07c9f07a8ee1e25f0e5732b05072a

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 11:15:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Wajam.Service

16.2.9.15

File size:

3 MB (3,135,488 bytes)

Product version:

1.60.10.2

Language:

English (United States)

Common path:

C:\Program Files\wajaneten\wajam_64.exe.patcher

File PE Metadata

Compilation timestamp:

2/4/2016 4:38:54 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:qQd4HhlOdPqzUzsLirqktK75LBo8ZjkUXzC8ltT87SfTfaFbNelCC:3dU2qhjki1aFbQCC

Entry address:

0x181520

Entry point:

48, 83, EC, 28, E8, 73, 0B, 02, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 48, 83, EC, 28, E8, CF, 27, 01, 00, 69, 48, 1C, FD, 43, 03, 00, 81, C1, C3, 9E, 26, 00, 89, 48, 1C, C1, E9, 10, 81, E1, FF, 7F, 00, 00, 8B, C1, 48, 83, C4, 28, C3, CC, CC, CC, 40, 53, 48, 83, EC, 20, 8B, D9, E8, 9F, 27, 01, 00, 89, 58, 1C, 48, 83, C4, 20, 5B, C3, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8D, 4C, 24, 30, FF, 15, 2C, 0D, 08, 00, 48, 8B, 54, 24, 30, 48, B9, 00, 80, C1, 2A, 21, 4E, 62, FE, 48, 03, D1, 48, 83... 
[+]

Code size:

2 MB (2,098,176 bytes)

The file wajam_64.exe.patcher has been discovered within the following program.

Wajam by Wajam

Wajam is a search-enhancement product, but it does not change homepage or search. This product shows display and/or text ads into third-party websites which may alter normal web page layouts.

www.wajam.com

73% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com (131.153.5.194:80)

Remove wajam_64.exe.patcher - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.