home

wajam.exe

Wajam

Super Downloads

The file is part of Wajam, a web browser extension that injects social search integration into various search portals such as Google. The application wajam.exe by Super Downloads has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from i.allfreeapps.net and multiple other hosts.
Publisher:
Super Downloads  (signed and verified)

Product:
Wajam

Version:
2.3

MD5:
cdc339910694fd0c5befaac38261cd06

SHA-1:
d3bcd8f05405687dff89207db8d782c9103cec25

SHA-256:
9738e3f7807f373aa2c4d15e4ad3ad101723bc0248468c4e34462d1dd05b62ea

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/26/2024 8:09:32 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Searcher.2542
9.0.1.028

ESET NOD32
Win32/Wajam
8.9346

Malwarebytes
PUP.Optional.Wajam
v2014.01.28.06

McAfee
Artemis!CDC339910694
5600.7237

Norman
Downloader
11.20140128

Reason Heuristics
PUP.SuperDownloads.F
14.2.27.6

Trend Micro House Call
TROJ_GEN.F47V0122
7.2.28

VIPRE Antivirus
Wajam
25886

File size:
60.2 KB (61,632 bytes)

Copyright:
© Wajam. All right reserved.

Trademarks:
Wajam – Great minds search alike.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\wajam.exe

Digital Signature
Signed by:
Super Downloads

Authority:
COMODO CA Limited

Valid from:
12/12/2013 1:00:00 AM

Valid to:
12/12/2016 12:59:59 AM

Subject:
CN=Super Downloads, O=Super Downloads, STREET="4115, boul. St-Laurent", L=Montreal, S=Quebec, PostalCode=H2W 1Y7, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EDE829ED1E6AB7C7A9D6279BB970B503

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:sjq3+uta99Hj25XvwLXJLizAJXxsUS4bafmwEeShC:wstajHKBvYXJLYW84b1wEep

Entry address:
0x36A0

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 88, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, B8, 63, 42, 00, E8, EE, 2E, 00, 00, A3, 04, 63, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, B0, 0C, 42, 00, FF, 15, 58, 81, 40, 00, 68, 10, A8, 40, 00, 68, 00, 5B, 42, 00, E8, F4, 29, 00, 00, FF, 15, B0, 80, 40, 00, BF, 00, C0, 42, 00, 50, 57, E8, E2, 29, 00, 00...
 
[+]

Entropy:
7.1410

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file wajam.exe has been seen being distributed by the following 7 URLs.

http://i.allfreeapps.net/inst/software/58469E13-5DA8-4677-8D99-59C645547170/.../wajam_download.exe

http://i.wecan-software.com/inst/software/58469E13-5DA8-4677-8D99-59C645547170/.../wajam_download.exe

http://secure.ilandcachecdn.com/.../wajam_download3.exe

http://s.allfree-soft.net/inst/software/58469E13-5DA8-4677-8D99-59C645547170/.../wajam_download.exe

http://vzbucket.maxrevinstaller.com/Wajam/.../wajam_download.exe

http://i.nextupsw.com/inst/software/58469E13-5DA8-4677-8D99-59C645547170/.../wajam_download.exe

http://www.wajam-download.com/.../wajam_download.exe

Remove wajam.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.