winampa.exe
Winamp Agent
Nullsoft, Inc.
The executable winampa.exe has been detected as malware by 10 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinampAgent’. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
MD5:
7632d7751bb95eea52196e4ee3f8579d
SHA-1:
5c564d7eb12667d27e70bf0d73018a9f5ece9a0f
SHA-256:
c3841c9fdddf6bc384dbb2d67b6ab5f8a65ee7f1c0c8e58265165f7f108fd897
Scanner detections:
10 / 68
Analysis date:
4/26/2024 6:33:35 AM UTC (today)
Scan engine
Detection
Engine version
Lavasoft Ad-Aware
Gen:Variant.Graftor.91607
5692171
avast!
Win32:Ramnit-CC [Trj]
151004-0
AVG
Win32/Zbot.G
2015.0.4460
Emsisoft Anti-Malware
Gen:Variant.Graftor.91607
10.0.0.5366
F-Prot
W32/Ramnit.E
4.6.5.141
F-Secure
Gen:Variant.Graftor.91607
5.15.21
McAfee
Virus.W32/Ramnit.a
18.0.204.0
Norman
Gen:Variant.Graftor.91607
28.10.2015 12:55:53
Sophos
Virus 'W32/Ramnit-BH'
5.15
VIPRE Antivirus
Threat.4726526
45400
File size:
788.5 KB (807,436 bytes)
Product version:
5.6.3.3235
Copyright:
Copyright © 1997-2012, Nullsoft, Inc.
Original file name:
winampa.exe
File type:
Executable application (Win32 EXE)
Language:
English (United States)
Common path:
C:\Program Files\winamp\winampa.exe
Compilation timestamp:
6/28/2012 5:40:52 PM
CTPH (ssdeep):
6144:QAntgm5O04Nwu4smpgH/ZI5mVZRkOJYLBe8yR3nEBvty:QAntgmv4NC+ZR7CsRZnEBvty
Code size:
5.5 KB (5,632 bytes)
Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Command:
"C:\Program Files\winamp\winampa.exe"