RemoveWAT.exe

RemoveWAT

Hazar & Co.

The application RemoveWAT.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. The file has been observed being downloaded from doc-08-3o-docs.googleusercontent.com.
Publisher:
Hazar & Co.

Product:
RemoveWAT

Version:
2.2.5.2

MD5:
e13da56f03772e7ac7fc6d720a8a1e15

SHA-1:
7c26cff908d6766270e7f9d635c4f21245d98394

SHA-256:
60837c27a53757d39e4ee3cc5210e52a78572e02d065d1fc8a94bcffeddaf351

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2024 5:20:57 PM UTC

Scan engine | Detection | Engine version
Microsoft Security Essentials | Threat.Undefined | 1.213.4702.0
Sophos | PUA 'RemoveWAT' (of type Hacktool) | 5.22
VIPRE Antivirus | Threat.4150696 | 46748

File size:
6.4 MB (6,663,680 bytes)

Product version:
2.2.5.2

Copyright:
Copyright Hazar & Co. © 2010

Original file name:
RemoveWAT.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\win73264??\removewat.exe

File PE Metadata
Compilation timestamp:
3/2/2010 11:57:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:O33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAy1:oyKnZrrLGA3PhsKPkG09Wp

Entry address:
0x64359E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 52, 35, 8D, 4B, 00, 00, 00, 00, 02, 00, 00, 00, 3D, 00, 00, 00, 1C, 40, 64, 00, 1C, 1A, 64, 00, 52, 53...
 

Entropy:
7.1466

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.3 MB (6,641,152 bytes)

The file RemoveWAT.exe has been seen being distributed by the following URL.
