RemoveWAT.exe

RemoveWAT

Hazar & Co.

The executable RemoveWAT.exe has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been observed being downloaded from online.b1.org and multiple other hosts.

Publisher:
Hazar & Co.

Product:
RemoveWAT

Version:
2.2.5.0

MD5:
49806ed3a01ffe6765f0b6ba1289d97e

SHA-1:
b14f71e125aa19f2a5e1a2de08a2738901fa2683

SHA-256:
fcae67041366cb88ecd36dc848a13f0a40e9ba55869c2fd3ffef6449e6d63e25

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
8/18/2018 1:43:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
Unnamed.Threat.43

Engine version:
14.3.26.5

File size:
6.4 MB (6,663,168 bytes)

Product version:
2.2.5.0

Copyright:
Copyright Hazar & Co. © 2010

Original file name:
RemoveWAT.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
2/27/2010 1:13:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:D33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAy4:byKnZrrLGA3PhsKPkG09W8

Entry address:
0x64337E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.3 MB (6,558,720 bytes)

The file RemoveWAT.exe has been seen being distributed by the following 12 URLs.

http://online.b1.org/rest/online/download/RemoveWAT2.2.5_janrock.rar/.../RemoveWAT 2.2.5.exe

http://dc128.4shared.com/download/.../removewat.exe

temp:RemoveWAT.exe

http://dc368.4shared.com/download/.../remove_wat.exe
