weawa.exe

The executable weawa.exe has been detected as malware by 13 anti-virus scanners. It is set to start automatically when a user logs in to Windows, through an entry with the display name ‘weawa’ under the current user's Run registry key.
MD5:
e2d6dc0473d9aa13008da8c9e80779bd

SHA-1:
2ff2520ee53a4648762bb360bd1585ae0c1c04d3

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
4/26/2024 3:06:29 PM UTC  (today)

Scan engine | Detection | Engine version
avast! | Win32:VB-NIE [Trj] | 160214-1
AVG | Worm/AutoRun.HV | 2015.0.4522
Dr.Web | Win32.HLLW.Autoruner.8325 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Trojan.Chinky | 10.0.0.5366
ESET NOD32 | Win32/AutoRun.VB.GJ worm | 7.0.302.0
F-Prot | W32/VB.X.gen | 4.6.5.141
F-Secure | Worm:W32/Vinkus.gen!A | 5.15.21
Kaspersky | Worm.Win32.Vobfus | 15.0.0.562
McAfee | Trojan.VBObfus | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.6277.0
Norman | Gen:Trojan.Chinky.2 | 08.02.2016 04:24:12
Sophos | Virus 'Troj/Vobfus-CP' | 5.23
VIPRE Antivirus | Threat.4509266 | 47068

File size:
56 KB (57,344 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\documents and settings\kamil\weawa.exe

File PE Metadata
Compilation timestamp:
1/1/2000 1:00:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:5BHlPdzpa1smCf0mq/6/Q/9NF0+LEc8af3ts0E99:5tzWsmcq2oS+Ljb3ts0E99

Entry address:
0x1184

Entry point:
68, 14, 12, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 81, 89, 47, A1, 4A, D5, 79, 42, 98, 62, 53, D9, 21, 71, AD, 30, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 55, 43, 43, 70, 63, 44, 5A, 6D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 06, 00, 00, 00, C8, 35, 40, 00, 07, 00, 00, 00, B4, 2D, 40, 00, 07, 00, 00, 00, 60, 2D, 40, 00, 07, 00, 00, 00, 18, 2D, 40, 00, 07, 00, 00, 00, D4, 2C, 40, 00, 07, 00, 00, 00, 8C, 2C, 40, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
48 KB (49,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
weawa

Command:
C:\documents and settings\kamil\weawa.exe

