wsr0lwavdkk.exe

This is a setup program used to install an application. The file has been seen being downloaded from xzone-reactor.com.

MD5:
6f1035148301d96db89a6029e982ef87

SHA-1:
976dd73df79eef5ecf9615429ea3180d43c24ffe

SHA-256:
70ee209f4c06f35ee31764504bae86eb6556b5a6b32ebadbb3abd2a5a3b914b9

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 2:26:06 AM UTC  (today)

Scan engine             Detection              Engine version
AhnLab V3 Security      Trojan/Win32.Agent     14.05.09
Bkav FE                 HW32.CDB               1.3.0.4959
McAfee                  Artemis!6F1035148301   5600.7136
Trend Micro House Call  TROJ_GEN.F47V0425      7.2.129

File size:
4.8 MB (5,017,092 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:jyOT6xvOVf9LaAAqFCewII9HBOTUx4QBziBuUTUhqcV6nGjIEKU17RCdY6:jy2UcFL9WVkTg4YziBuUTo9VlI19dY6

Entry address:
0x917A00

Entry point:
9C, FF, 34, 24, C7, 44, 24, 04, FB, 92, 33, 71, 60, C6, 04, 24, 72, C7, 44, 24, 20, FB, 06, FA, 49, 60, FF, 74, 24, 14, 8D, 64, 24, 44, E9, 8A, 28, 0D, 00, 31, C9, E9, B7, 0E, FE, FF, 77, 69, 6E, 69, 6E, 65, 74, 2E, 64, 6C, 6C, 00, E0, 77, 43, 35, 71, F7, 7F, C7, 0C, F8, 65, 2E, 45, 9E, F6, E2, F6, D0, D8, 18, 4C, 81, A5, 27, 9F, 1C, E8, BA, CE, 50, F4, 1A, F2, 6E, 66, 92, F6, D4, E0, F5, 7D, 85, 1A, 9A, 3E, D5, 1D, EC, 09, 9F, F6, 11, 82, B6, 70, 01, 8C, BF, 31, 81, 8E, D8, 5C, A2, 69, 61, 2E, B0, D0, 70...

Entropy:
7.8706  (probably packed)

Code size:
1.5 MB (1,591,296 bytes)

The file wsr0lwavdkk.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cf-190-93-255-41.cloudflare.com  (190.93.255.41:80)

TCP (HTTP):
Connects to cf-190-93-254-41.cloudflare.com  (190.93.254.41:80)

Scan wsr0lwavdkk.exe - Powered by Reason Core Security