home

wwe_1.62.101.9.exe

The application wwe_1.62.101.9.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from wajam-download.com.
MD5:
aa62b1f6646ab3a26301d4614ae40aee

SHA-1:
8c6738a5cf4c6d61822685bcd4f8c53adf54afdd

SHA-256:
3e14dd8797ec9e700fcf9ec474dee3da40faeeb337f76a6efded98101acea594

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/8/2024 3:05:30 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Parite
160518-2

AVG
Win32/Parite
2015.0.4568

Dr.Web
Adware.Wajam.92, Win32.Parite.2
9.0.1.05190

Emsisoft Anti-Malware
Win32.Parite
11.5.0.6191

ESET NOD32
Win32/Parite.B virus
8.0.319.0

F-Prot
W32/Parite.B
4.6.5.141

Kaspersky
Virus.Win32.Parite
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.223.1545.0

Norman
Win32.Parite.B
28.05.2016 15:32:18

File size:
4.4 MB (4,638,170 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wwe_1.62.101.9.exe

File PE Metadata
Compilation timestamp:
1/27/2016 10:45:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:a7Ech/QdWmL5vqKSnpbvZv6V09RQn/CYGNDJWfHBZHDV5q8pABVKvt:awch/QsQvWpbhv6V/CYG1JW3jX/vvt

Entry address:
0x15D000

Entry point:
90, B8, F5, 15, 2C, 4D, 90, 90, 68, 20, D0, 55, 00, 5F, 90, 68, 98, 05, 00, 00, 5A, 90, 31, 04, 3A, 90, 4A, 83, EA, 03, 90, 90, 75, F4, 90, 90, 1D, 68, 2D, 4D, F5, 15, 2C, 4D, F5, 15, 6C, 4D, 35, 8B, 2C, 4D, 1D, 1B, 68, 4D, 2F, 00, 68, 4D, F5, A5, 2E, 4D, F4, 15, 2C, 4D, 95, 15, 6D, 4D, EB, 32, 6D, 4D, C1, 32, 6D, 4D, 7D, 1B, 2D, 4D, E9, 32, 2D, 4D, C7, 32, 2D, 4D, 95, F9, 2C, 4D, E9, 32, 2D, 4D, C7, 32, 2D, 4D, F5, 15, 2C, 4D, F5, 15, 2C, 4D, F5, 15, 2C, 4D, F5, 15, 2C, 4D, 05, 15, 6D, 4D, F5, 15, 2C, 4D...
 
[+]

Entropy:
7.9960  (probably packed)

Code size:
58 KB (59,392 bytes)

The file wwe_1.62.101.9.exe has been seen being distributed by the following URL.

http://wajam-download.com/.../WWE_1.62.101.9.exe

Remove wwe_1.62.101.9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.