home

wactivity.exe

WActivity

OFF Corp.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WActivity’.
Publisher:
MASTER.TO  (signed by OFF Corp.)

Product:
WActivity

Version:
1.0.0.474

MD5:
28f16601c40078ff46f0582393ac2b5e

SHA-1:
102c88437172084a9e859d622ade3c592b5f500b

SHA-256:
0fd67f4141607392f58a0603cf3dd93f388d37b850f6b6a042582a32bc92c953

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 11:54:29 PM UTC  (a few moments ago)

File size:
6.7 MB (6,984,832 bytes)

Product version:
1.0.0.0

Copyright:
Copyright ⓒ MASTER.TO. All right reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\wactivity\wactivity.exe

Digital Signature
Signed by:
OFF Corp.

Authority:
VeriSign, Inc.

Valid from:
4/1/2011 9:00:00 AM

Valid to:
4/1/2013 8:59:59 AM

Subject:
CN=OFF Corp., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OFF Corp., L=Yongsan-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5F020C2050AC1EF52C35BA95D6A3D174

File PE Metadata
Compilation timestamp:
4/16/2012 6:47:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:JDpWc4kKqitegtti8k25EciD7m2ccdG/K+c:Jt7ceN8jwD7m2cSG/K+c

Entry address:
0x2317B8

Entry point:
55, 8B, EC, B9, 0D, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 84, 4F, 62, 00, E8, 54, A3, DD, FF, 33, C0, 55, 68, 62, 1C, 63, 00, 64, FF, 30, 64, 89, 20, E8, 99, 30, DD, FF, 85, C0, 0F, 8E, BE, 02, 00, 00, 8D, 55, D8, B8, 01, 00, 00, 00, E8, E4, 30, DD, FF, 8B, 45, D8, 8D, 55, DC, E8, 41, 29, DE, FF, 8B, 55, DC, B8, 74, 08, 64, 00, E8, 10, 64, DD, FF, 33, C0, 55, 68, 8D, 1A, 63, 00, 64, FF, 30, 64, 89, 20, 33, C9, B2, 01, A1, DC, BB, 60, 00, E8, 38, AB, E1, FF, A3, 78, 08, 64, 00, 33, C0, 55...
 
[+]

Entropy:
6.8325

Developed / compiled with:
Microsoft Visual C++

Code size:
2.2 MB (2,294,272 bytes)

Scheduled Task
Task name:
WActivityLogon_khcho80

Trigger:
Logon (Runs on logon)


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WActivity

Command:
C:\users\{user}\appdata\roaming\wactivity\wactivity.exe


Scan wactivity.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.