removewga.exe

The executable removewga.exe has been flagged as malware by 13 anti-virus scanners. The file has been observed being downloaded from download1uk.softpedia.com.
MD5:     722e3b771ae1ff34876eadce7a242ef8
SHA-1:   03124903f34b09f38a5045f907120df54a8c801f
SHA-256: 418214930f7873fa58443851cd2e697e0741b2321c62f23ee0b3b820c488541d

Scanner detections: 13 / 68
Status: Malware
Analysis date: 4/25/2024 7:28:08 PM UTC

Scan engine             Detection                            Engine version
Agnitum Outpost         Trojan.Agent                         7.1.1
AVG                     Collected_c                          2017.0.2794
Comodo Security         Heur.Suspicious                      23992
Dr.Web                  Trojan.KillProc.24547                9.0.1.084
IKARUS anti.virus       Trojan.Collected                     t3scan.1.9.5.0
McAfee                  Artemis!722E3B771AE1                 5600.6450
NANO AntiVirus          Trojan.Win32.Daws.crjvtm             1.0.14.5380
Panda Antivirus         Trj/OCJ.E                            16.03.24.10
Rising Antivirus        PE:Malware.Generic/QRS!1.9E2D [F]    23.00.65.16322
Trend Micro House Call  TROJ_SPNR.03EA13                     7.2.84
Trend Micro             TROJ_SPNR.03EA13                     10.465.24
VIPRE Antivirus         Trojan.Win32.Generic                 46632
Zillya! Antivirus       Dropper.Daws.Win32.7188              2.0.0.2620

File size: 364.8 KB (373,540 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 5/26/2007 8:53:46 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 6144:L4LPcOoBLwslRlas9FeEPrPPzvTx5MtnZ+ETfjHNpD3cb0fBiLBPPrPPmJVG:L4YOWflTEEPrPPLTxmnZ5TLHncb0ZsPh
Entry address: 0x29BA
Entry point (first bytes):
E8, 7D, 19, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 64, F1, 40, 00, 75, 02, F3, C3, E9, FF, 19, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, 44, 1E, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CC, 1D, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, 2F, 22, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0...

Entropy: 7.3459
Code size: 40.5 KB (41,472 bytes)

The file removewga.exe has been observed being distributed from the following URL.
