home

waupdater.exe

WAUpdater

OFF Corp.

It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time.
Publisher:
MASTER.TO  (signed by OFF Corp.)

Product:
WAUpdater

Version:
1.0.0.26

MD5:
73ee777ce3f59f5f9c1b58bae40283c2

SHA-1:
c2c92ae688c18bc3c6548081c250691a96de9ffd

SHA-256:
ffd3cc11b2f4ea1505b6d517ea441049d9231db5d2a9b9aa874856c8188dee67

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/24/2024 6:19:25 PM UTC  (today)

Scan engine
Detection
Engine version

Trend Micro House Call
TROJ_GEN.F47V0715
7.2.356

File size:
2.7 MB (2,867,328 bytes)

Product version:
1.0.0.0

Copyright:
Copyright ⓒ MASTER.TO. All right reserved.

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\wactivity\waupdater.exe

Digital Signature
Signed by:
OFF Corp.

Authority:
VeriSign, Inc.

Valid from:
4/1/2011 9:00:00 AM

Valid to:
4/1/2013 8:59:59 AM

Subject:
CN=OFF Corp., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OFF Corp., L=Yongsan-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5F020C2050AC1EF52C35BA95D6A3D174

File PE Metadata
Compilation timestamp:
4/16/2012 6:42:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:HcY+SSegvRBsmbw10sBSRUieOcRDnbHnT64F/36/:8YDQbk6sBnh/L3k

Entry address:
0x2314C0

Entry point:
55, 8B, EC, 83, C4, E0, 33, C0, 89, 45, E0, 89, 45, EC, 89, 45, E8, 89, 45, E4, B8, F4, 58, 62, 00, E8, 1A, A6, DD, FF, 33, C0, 55, 68, EE, 15, 63, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, A1, 80, B7, 63, 00, 8B, 00, E8, AD, DE, E8, FF, 8B, 45, E4, 8D, 55, E8, E8, EE, 42, DE, FF, 8B, 4D, E8, 8D, 45, EC, BA, 08, 16, 63, 00, E8, 36, 6C, DD, FF, 8B, 45, EC, E8, D6, 67, DD, FF, 50, 6A, FF, 6A, 00, E8, 94, B7, DD, FF, A3, D8, 1B, 64, 00, 83, 3D, D8, 1B, 64, 00, 00, 0F, 84, 99, 00, 00, 00, E8, B5, B8, DD, FF, 85...
 
[+]

Entropy:
6.6075

Developed / compiled with:
Microsoft Visual C++

Code size:
2.2 MB (2,294,272 bytes)

Scheduled Task
Task name:
WActivityUpdate_khcho80

Trigger:
Daily (Runs daily at 오전 10:39)


Scan waupdater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.