» watermark.exe
Overview
Analysis
File Details

watermark.exe

Shockwave Flash

Macromedia, Inc.

The executable watermark.exe, “Macromedia Flash Player 7.0 r19” has been detected as malware by 38 anti-virus scanners. According to the AV engines that detect this, it is a detection for a file infected by members of the Win32/Ramnit malware family and may drop and load other malware.

File name:

watermark.exe

Publisher:

Macromedia, Inc.

Product:

Shockwave Flash

Description:

Macromedia Flash Player 7.0 r19

Version:

7,0,19,0

MD5:

83176054d3fb2f5846d1ad15f0a1a377

SHA-1:

6770d091852d08f0dfd2ff0bc79ecf7a09445b19

SHA-256:

36a6025aea777d2e8cdd53529875bb9c90a51088af7f4148967e5a5d1ece4181

Scanner detections:

38 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

11/13/2025 6:22:09 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Kryptik

7.1.1

AhnLab V3 Security

Trojan/Win32.Krap

2013.11.23

Avira AntiVirus

TR/Patched.Ren.Gen

7.11.115.42

avast!

Win32:MalOb-FE [Cryp]

2014.9-140421

AVG

PSW.SpyEye

2015.0.3498

Baidu Antivirus

Trojan.Win32.Krap

4.0.3.14421

Bitdefender

Trojan.Dropper.VHT

1.0.20.555

Bkav FE

W32.FakeFlashPlayer7A.Trojan

1.3.0.4562

Clam AntiVirus

Trojan.Agent-249971

0.98/18155

Comodo Security

TrojWare.Win32.Kryptik.ILZ

17318

Dr.Web

Trojan.Inject.14349

9.0.1.0111

Emsisoft Anti-Malware

Trojan.Dropper.VHT

8.14.04.21.10

ESET NOD32

Win32/Ramnit

8.9085

Fortinet FortiGate

W32/Kryptik.LW!tr

4/21/2014

F-Prot

W32/Ramnit.F.gen

v6.4.7.1.166

F-Secure

Trojan.Dropper.VHT

11.2014-21-04_2

G Data

Trojan.Dropper.VHT

14.4.22

IKARUS anti.virus

Virus.Win32.Ramnit

t3scan.2.2.29

K7 AntiVirus

Trojan

13.174.10286

Kaspersky

Packed.Win32.Krap

14.0.0.3983

Malwarebytes

Trojan.Downloader

v2014.04.21.10

McAfee

PWS-Zbot.gen.di

5600.7154

Microsoft Security Essentials

Trojan:Win32/Ramnit.A

1.163.1557.0

MicroWorld eScan

Trojan.Dropper.VHT

15.0.0.333

NANO AntiVirus

Trojan.Win32.Ramnit.bbgdmp

0.28.0.56316

Norman

Ramnit.Y

11.20140421

nProtect

Trojan/W32.Krap.97807.B

13.11.22.02

Panda Antivirus

W32/Cosmu.E.drp

14.04.21.10

Quick Heal

W32.Ramnit.DR

4.14.12.00

Rising Antivirus

Trojan.Win32.Generic.12AC9EE2

23.00.65.14419

Sophos

Troj/Ramnit-AQ

4.95

SUPERAntiSpyware

Trojan.Agent/Gen-Ramnit

10652

Total Defense

Win32/Protexor.A!generic

37.0.10498

Trend Micro House Call

TROJ_DROPPR.SMAL

7.2.111

Trend Micro

TROJ_GEN.R04FC0DGR13

10.465.21

Vba32 AntiVirus

Malware-Cryptor.Win32.General.4

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic.pak!cobra

23636

ViRobot

Worm.Win32.A.Net-Koobface.126464

2011.4.7.4223

File size:

95.5 KB (97,807 bytes)

Product version:

7,0,19,0

Trademarks:

Macromedia Flash Player

Original file name:

SAFlashPlayer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\microsoft\watermark.exe

File PE Metadata

Compilation timestamp:

11/7/2004 1:01:02 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.4

CTPH (ssdeep):

768:G06R0UKzOgnKqGR7//GPc0LOBhvBrHks3IiyhDYQbGmxlNaM+WGa1wuxnzgOYw9Y:kR0vxn3Pc0LCH9MtbvabUDzJYWu3B

Entry address:

0x11FC

Entry point:

55, 8B, EC, 83, EC, 2C, 81, 65, EC, 00, 00, 00, 00, 8D, 5B, 56, 21, D6, 03, 05, 66, 32, 40, 00, 58, 89, 75, 00, 03, 15, 7C, 48, 40, 00, 81, E9, AB, 4E, 40, 00, 8D, 7F, 8F, 83, E8, C0, 85, D8, 75, 05, 8D, 08, 8B, 14, 24, 03, CA, 21, F2, C6, 05, 87, DD, 40, 00, 01, 81, E9, 72, 46, 40, 00, 8B, 3C, 24, FF, 15, E4, 4C, 40, 00, 2B, 1C, 24, BA, ED, 14, 40, 00, 89, 0D, 98, DB, 40, 00, 87, 7D, 00, FF, 15, F0, 10, 40, 00, 8B, 55, 04, 59, C3, 68, 4C, 27, 40, 00, 58, 21, C1, 6A, 76, 5F, 81, C7, 82, 51, 40, 00, 33, D2... 
[+]

Entropy:

5.3245

Developed / compiled with:

Microsoft Visual C++

Code size:

8.5 KB (8,704 bytes)

Remove watermark.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.