home

6wzth.exe

Must have files

GCM

The application 6wzth.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.panningmanybanded.site.
Publisher:
GCM

Product:
Must have files

Description:
-----

Version:
208.19.41.95

MD5:
9344fe4aea4aa2dd8d320fa41720e556

SHA-1:
d440ad6e3147d55e8ec58cb38f6384ca22e66ff9

SHA-256:
d4536ff5dd4e2bc5d419be85f25e4b1377673a05b7e8c4ecbd6246c8257e632f

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
3/4/2026 5:28:47 PM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Gen:Variant.Razy.16037
11.5.0.6191

ESET NOD32
Win32/Amonetize.SK potentially unwanted application
8.0.319.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.Amonetize
15.0.0.562

McAfee
Program.PUP-RHEI
18.0.204.0

Norman
Gen:Variant.Razy.8541
02.04.2016 17:35:19

File size:
1.3 MB (1,394,176 bytes)

Product version:
208.19.41.95

Copyright:
Copyright 2016

Trademarks:
Mark Cap

Original file name:
osetup.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\6wzth.exe

File PE Metadata
Compilation timestamp:
5/9/2016 6:06:50 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:amEEsMtUMg3KY3APUAPtLUlC7YZ2O0THxp0FMJ1/fYIT0tHg:7EoXg3VgPtLHUZ2O0THxGGZYO05

Entry address:
0x7481

Entry point:
E8, 6A, 53, 00, 00, E9, 81, FE, FF, FF, 6A, 00, E9, FF, D0, 00, 00, C3, E9, 0B, FC, 00, 00, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 35, D8, 01, 42, 00, E9, B4, D0, 00, 00, FF, D0, 5D, C2, 04, 00, A1, D4, 01, 42, 00, C3, 8B, FF, 56, FF, 35, D8, 01, 42, 00, E9, 19, 49, 00, 00, 8B, F0, 85, F6, 75, 19, FF, 35, 5C, 0E, 42, 00, E9, BD, B3, FF, FF, 8B, F0, 56, FF, 35, D8, 01, 42, 00, E9, C7, EE, FF, FF, 8B, C6, 5E, C3, 8B, FF, 55, 8B, EC, FF, 75, 0C, FF, 75, 08, FF, 35, 60, 0E, 42, 00, E9, 66, 60, 00, 00...
 
[+]

Entropy:
7.4424

Code size:
102.5 KB (104,960 bytes)

The file 6wzth.exe has been seen being distributed by the following URL.

http://www.panningmanybanded.site/.../6wzth.exe

Remove 6wzth.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.