» aa.exe
Overview
Analysis
File Details

aa.exe

JavaWi

The executable aa.exe has been detected as malware by 13 anti-virus scanners.

File name:

aa.exe

Publisher:

JavaWi

Product:

JavaWi

Version:

5.0.0.0

MD5:

99c5569770ea1c8a1fb9f47a82d246db

SHA-1:

18a0c49984f517314a0b2fd66c246db547462b96

SHA-256:

4288d7a0409841bae40e93a39c1536414af69256626adc4510b826848d8ac11e

Scanner detections:

13 / 68

Status:

Malware

Explanation:

The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:

4/25/2024 8:08:39 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11208429

1022

Avira AntiVirus

TR/ATRAPS.Gen

7.11.144.64

AVG

PSW.MSIL

2015.0.3500

Bitdefender

Trojan.Generic.11208429

1.0.20.545

Emsisoft Anti-Malware

Trojan.Generic.11208429

8.14.04.19.05

ESET NOD32

MSIL/Spy.Keylogger.LD (variant)

8.9698

Fortinet FortiGate

MSIL/Agent.NRZX!tr

4/19/2014

G Data

Trojan.Generic.11208429

14.4.24

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.3994

Microsoft Security Essentials

Trojan:MSIL/Vahodon.B

1.10502

MicroWorld eScan

Trojan.Generic.11208429

15.0.0.327

Sophos

Mal/MsilSteal-A

4.98

VIPRE Antivirus

Trojan.MSIL.Bladabindi.c

28388

File size:

111.7 KB (114,389 bytes)

Product version:

5.0.0.0

Original file name:

Wi Rat.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

File PE Metadata

Compilation timestamp:

4/16/2014 5:42:13 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:Zikop2OgLdbLAn42xNcuFpNrtfN1O1Tnap8FFgjo2q/EeU7R:4qLdbsDlti1TapCFgjBeU7R

Entry address:

0x1994E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

94.5 KB (96,768 bytes)

Remove aa.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.