winampa.exe

Winamp Agent

Nullsoft, Inc.

The executable winampa.exe has been detected as malware by 39 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinampAgent’. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Nullsoft, Inc.

Product:
Winamp Agent

Version:
5,6,3,3234

MD5:
5894910a61dab28c5138a7467c9586f2

SHA-1:
fac606cb403df8ae863d947c7608fe36b6ad81ad

SHA-256:
c8a01033119f6344b7da691605dec23ad1bb7ae7212c6834287bff015b611da2

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 1:46:09 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Ramnit.N | 6485650 |
| Agnitum Outpost | Win32.Nimnul.Gen.2 | 7.1.1 |
| AhnLab V3 Security | Win32/Ramnit.G | 2015.01.31 |
| Avira AntiVirus | W32/Ramnit.C | 7.11.206.0 |
| avast! | Win32:RmnDrp | 150101-1 |
| AVG | Win32/Zbot.F | 2014.0.4253 |
| Baidu Antivirus | Virus.Win32.Nimnul.$a | 4.0.3.15130 |
| Bitdefender | Win32.Ramnit.N | 1.0.20.150 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Clam AntiVirus | W32.Ramnit-1 | 0.98/20000 |
| Comodo Security | Virus.Win32.Ramnit.K | 20900 |
| Dr.Web | Win32.Rmnet.12 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Ramnit.N | 9.0.0.4799 |
| ESET NOD32 | Win32/Ramnit.H virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Ramnit.C | 1/30/2015 |
| F-Prot | W32/Ramnit.E | 4.6.5.141 |
| F-Secure | Win32.Ramnit.N | 5.13.68 |
| G Data | Win32.Ramnit | 15.1.25 |
| IKARUS anti.virus | Virus.Win32.Ramnit | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.193.14814 |
| Kaspersky | Virus.Win32.Nimnul | 15.0.0.543 |
| Malwarebytes | Virus.Ramnit | v2015.01.30.01 |
| McAfee | Virus.W32/Ramnit.a | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.3639.0 |
| MicroWorld eScan | Win32.Ramnit.N | 16.0.0.90 |
| NANO AntiVirus | Virus.Win32.Nimnul.bqjjnb | 0.30.0.65070 |
| Norman | Win32.Ramnit.N | 02.01.2015 13:58:24 |
| nProtect | Virus/W32.SpyEye | 15.01.30.01 |
| Panda Antivirus | W32/Cosmu.E | 15.01.30.01 |
| Quick Heal | W32.Ramnit.BA | 1.15.14.00 |
| Rising Antivirus | PE:Win32.Mgr.b!1594784 | 23.00.65.15128 |
| Sophos | Virus 'W32/Ramnit-A' | 5.09 |
| Total Defense | Win32/Ramnit.C | 37.0.11411 |
| Trend Micro House Call | PE_RAMNIT.DEN | 7.2.30 |
| Trend Micro | PE_RAMNIT.DEN | 10.465.30 |
| Vba32 AntiVirus | Virus.Win32.Nimnul.b | 3.12.26.3 |
| VIPRE Antivirus | Threat.4732184 | 36666 |
| ViRobot | Win32.Nimnul.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Nimnul.Win32.2 | 2.0.0.2049 |

File size:
181.4 KB (185,728 bytes)

Product version:
5.6.3.3234

Copyright:
Copyright © 1997-2012, Nullsoft, Inc.

Original file name:
winampa.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winamp\winampa.exe

File PE Metadata
Compilation timestamp:
6/20/2012 7:13:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:4cr8dgAy57elue/mSDpbFx0Gs8TUh6ohkGMk6JxS8vIlb6c1Nfzh:tAnZB2hkGMk6zlI64

Entry address:
0x15000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
Packer / compiler:
ASPack v1.08.04

Code size:
5.5 KB (5,632 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinampAgent

Command:
"C:\Program Files\winamp\winampa.exe"