» wafbb4ac6f.exe
Overview
Analysis
File Details
Downloads (1)

wafbb4ac6f.exe

The executable wafbb4ac6f.exe has been detected as malware by 30 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 188.68.255.236.

File name:

wafbb4ac6f.exe

MD5:

1d92d6bac8bd9e6792296f15a8b34cb3

SHA-1:

5073f20ab963044c6c0eb11fb7f71fe73d3e1c37

SHA-256:

512de9bb359dbca376adc310e724db20540aa6dc70f464d0a1959792e7ccc0a3

Scanner detections:

30 / 68

Status:

Malware

Analysis date:

4/16/2024 4:45:56 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2030101

778

AhnLab V3 Security

Trojan/Win32.MDA

2014.12.18

Avira AntiVirus

TR/Lethic.A.175

7.11.196.132

avast!

Win32:Rootkit-gen [Rtk]

2014.9-141219

AVG

Inject2

2015.0.3256

Baidu Antivirus

Trojan.Win32.Yakes

4.0.3.141218

Bitdefender

Trojan.GenericKD.2030101

1.0.20.1760

Dr.Web

BackDoor.IRC.NgrBot.42

9.0.1.0352

Emsisoft Anti-Malware

Trojan.GenericKD.2030101

8.14.12.18.10

ESET NOD32

Win32/Injector.BRJE (variant)

8.10894

Fortinet FortiGate

W32/Yakes.HXAQ!tr

12/18/2014

F-Secure

Trojan.GenericKD.2030101

11.2014-18-12_5

G Data

Trojan.GenericKD.2030101

14.12.24

IKARUS anti.virus

Trojan.Win32.Injector

t3scan.1.8.5.0

K7 AntiVirus

Trojan

13.188.14368

Kaspersky

Trojan.Win32.Yakes

14.0.0.2775

Malwarebytes

Trojan.MSIL.ECED

v2014.12.18.10

McAfee

Artemis!1D92D6BAC8BD

5600.6912

Microsoft Security Essentials

VirTool:Win32/Injector.EY

1.11302

MicroWorld eScan

Trojan.GenericKD.2030101

15.0.0.1056

NANO AntiVirus

Trojan.Win32.Yakes.dkmtlo

0.28.6.64267

Norman

Troj_Generic.XQWGK

11.20141219

nProtect

Trojan.GenericKD.2030101

14.12.17.01

Panda Antivirus

Generic Suspicious

14.12.18.10

Reason Heuristics

Threat.Win.Reputation.IMP

14.12.19.0

Sophos

Mal/Generic-S

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Injector

10169

Trend Micro House Call

Suspicious_GEN.F47V1216

7.2.353

Vba32 AntiVirus

Heur.Malware-Cryptor.Ngrbot

3.12.26.3

ViRobot

Trojan.Win32.A.Yakes.190976.G[h]

2014.3.20.0

File size:

187 KB (191,488 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

12/16/2014 8:48:11 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:7lynghFPBs1hE+pnky0t3QA56NNUcz3rh44SA5fEXej5W:wpG+pnkyyUNCE3rhl15fE8W

Entry address:

0x1D79

Entry point:

E8, FE, 15, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, 53, 16, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 83, 1D, 40, 00, FF, 15, 88, 80, 40, 00, 33, C0, C3, 8B, FF, 55, 8B, EC, 57, BF, E8, 03, 00, 00, 57, FF, 15, 90, 80, 40, 00, FF, 75, 08, FF, 15, 8C, 80, 40, 00, 81, C7, E8, 03, 00, 00, 81, FF, 60, EA, 00... 
[+]

Code size:

28 KB (28,672 bytes)

The file wafbb4ac6f.exe has been seen being distributed by the following URL.

http://188.68.255.236/dqnew40a101.exe

Remove wafbb4ac6f.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.