» wwe_1.60.101.4.exe
Overview
Analysis
File Details
Downloads (1)

wwe_1.60.101.4.exe

The application wwe_1.60.101.4.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from wajam-download.com.

File name:

wwe_1.60.101.4.exe

MD5:

15c73d502a145a7dad9044ca3244102e

SHA-1:

77d3de75bb8e9d1f94da83a77640b6c4dd6be17b

SHA-256:

5270469a9b0de52ed4b63da2e82b9f07b2812237ebe876549c00cdafe0d0cf6c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 2:20:57 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Wajam (M)

16.7.24.18

File size:

4.3 MB (4,502,482 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wwe_1.60.101.4.exe

File PE Metadata

Compilation timestamp:

11/2/2015 4:31:15 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:Y6l7ibY2oLI3eHAa4YTddpmpEyt+fre8CQ2/l/qVsf6/j1hzcSNln:Y6l7ibY2oLKeHjtmiy6e8CQ2/5q06j1d

Entry address:

0x2A0000

Entry point:

B9, 53, 94, 2F, 00, 90, 68, 18, 00, 6A, 00, 5F, 90, 68, 98, 05, 00, 00, 5E, 90, 31, 0C, 3E, 83, EE, 04, 75, F8, BB, E9, 2E, 00, 53, 94, 2F, 00, 53, 94, 6F, 00, 63, EF, 2F, 00, E3, 68, 6E, 00, 81, 97, 6D, 00, 53, 24, 2D, 00, 52, 94, 2F, 00, 33, 74, 6F, 00, 4D, 86, 6E, 00, 67, 86, 6E, 00, DB, 61, 2F, 00, 4F, 86, 2E, 00, 61, 86, 2E, 00, 33, 5C, 2F, 00, 4F, 86, 2E, 00, 61, 86, 2E, 00, 53, 94, 2F, 00, 53, 94, 2F, 00, 53, 94, 2F, 00, 53, 94, 2F, 00, A3, 74, 6F, 00, 53, 94, 2F, 00, 53, 94, 2F, 00, 53, 94, 2F, 00... 
[+]

Entropy:

7.9964 (probably packed)

Code size:

49 KB (50,176 bytes)

The file wwe_1.60.101.4.exe has been seen being distributed by the following URL.

http://wajam-download.com/.../WWE_1.60.101.4.exe

Remove wwe_1.60.101.4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.