WA.EXE

Worms Armageddon

Team17 Software Ltd

The executable WA.EXE, “Worms Armageddon 3.6.31.0”, has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address k3.1azy.net on port 9070.

Publisher:
Team17 Software Ltd

Product:
Worms Armageddon

Description:
Worms Armageddon 3.6.31.0

Version:
3.6.31.0

MD5:
44f051847722d0eeddfde4958a3ebf88

SHA-1:
6d031201d2b25916fdc49b1bff6d003ba1816cf6

SHA-256:
493b06da65b94e9d0113149867053072a4e647de5ea4d1abb243d4410dd4be1c

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
5/2/2024 10:30:24 AM UTC

Scan engine        Detection                                     Engine version
Agnitum Outpost    Trojan.Renos                                  7.1.1
Avira AntiVirus    TR/Renos.NFH.31                               7.11.169.230
Bkav FE            W32.Clod721.Trojan                            1.3.0.4959
McAfee             Artemis!44F051847722                          5600.7008
Norman             Renos.DESQ                                    11.20140913
Rising Antivirus   PE:Trojan.Win32.Generic.125941BD!307839421    23.00.65.14911
VIPRE Antivirus    SpywareStrike                                 32644

File size:
3.9 MB (4,079,616 bytes)

Product version:
3.6.31.0

Copyright:
Copyright (C) 1998

Original file name:
WA.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
11/16/2010 6:36:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:8surgq0C0vgQT+0FwNmIvCmb1BtVFTUhLf0x/I:TrCnYwNmIvCmBBt2Q

Entry address:
0x197FBA

Entry point:
E8, F3, D2, 00, 00, E9, 16, FE, FF, FF, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, 8C, 78, 62, 00, 33, C5, 89, 85, A4, 02, 00, 00, F6, 05, 88, 78, 62, 00, 01, 56, 74, 08, 6A, 0A, E8, B2, 38, 00, 00, 59, E8, B0, BD, 00, 00, 85, C0, 74, 08, 6A, 16, E8, B2, BD, 00, 00, 59, F6, 05, 88, 78, 62, 00, 02, 0F, 84, A0, 00, 00, 00, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66, 8C, 95, A0, 00, 00, 00, 66, 8C, 8D, 94, 00, 00, 00, 66, 8C...

Code size:
1.7 MB (1,830,912 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to wormnet.team17.com  (212.110.191.17:6667)

TCP:
Connects to k3.1azy.net  (178.33.224.37:9070)
