wajam_grupoblidoo.exe

Wajam

Wajam

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application wajam_grupoblidoo.exe by Wajam has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.wajam.com.
Publisher:
Wajam  (signed and verified)

Product:
Wajam

Version:
1.28

MD5:
d95c9c0778fbde21145070f39f021f88

SHA-1:
7a20bada18485e152c01311f38b43362e180a01c

SHA-256:
bf42568ebb94429f72108183fcee0dbf6d95a8454b92bafce44a87decf25857f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 10:50:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Wajam.Installer (M)
16.5.28.0

File size:
333.3 KB (341,296 bytes)

Copyright:
© Wajam. All right reserved.

Trademarks:
Wajam – Great minds search alike.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wajam_grupoblidoo.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
6/3/2011 2:00:00 AM

Valid to:
6/3/2012 1:59:59 AM

Subject:
CN=Wajam, O=Wajam, STREET=4115 St-Laurent, STREET=suite 200, L=Montreal, S=Quebec, PostalCode=H2W1Y7, C=CA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
008A53AAD542C919DF7172AA6AFB312B17

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:hTq+bZLLJ+rbVlPENLKNw/uKS4ANHGo+WjuYQRd3urpCAomMlN8v9hbhV8q:h9Zp+rvLn4AN9MYod3wpHo3jklheq

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file wajam_grupoblidoo.exe has been seen being distributed by the following URL.

Remove wajam_grupoblidoo.exe - Powered by Reason Core Security