aa.exe

JavaWi

The executable aa.exe has been detected as malware by 3 anti-virus scanners.
Publisher:
JavaWi

Product:
JavaWi

Version:
5.0.0.0

MD5:
b28d7850d42abd6b3ae67ce7112bdf15

SHA-1:
65efe9fa681bed949c4bc87701d5ed07fff53f20

SHA-256:
047342f2d3ef18741a84dce9a3baade673501a0df25580aad0fe8cb14c7ab253

Scanner detections:
3 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/26/2024 8:33:25 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/ATRAPS.Gen | 7.11.144.64
ESET NOD32 | MSIL/Spy.Keylogger.LD (variant) | 8.9698
Sophos | Mal/MSIL-AW | 4.98

File size:
116 KB (118,784 bytes)

Product version:
5.0.0.0

Copyright:
Copyright © 2014

Original file name:
Wi Rat.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
4/18/2014 10:49:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:RPs1nEAcNu3gH4h6UGTMX+CGwmpjCkzif6EJlaAQzzUHCH92uTTY5MwHJQUFl1lM:0EAt3BGkF1A1ilpQnMo2uo59HdlfU

Entry address:
0x1AE3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
100 KB (102,400 bytes)
