winampa.exe

The executable winampa.exe has been detected as malware by 11 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘WinampAgent’.

MD5:
4d9f9991bbf82b16aac768c0c8b4684e

SHA-1:
15e79ce04579fc2c502d9a9478eaf59facd41104

SHA-256:
cb7874cbc1a6e4cec377aa98f6397420e5824e4700e8ca2a064dd3659f8b7209

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
5/6/2024 11:19:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Vitro | 160203-1 |
| Boost by Reason | Optional.Startup | 188838 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 10.0.0.5366 |
| ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0 |
| F-Prot | W32/Sality.D.gen | 4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 5.15.21 |
| McAfee | Virus.W32/Virut.n.gen | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5352.0 |
| Norman | Win32.Virtob.Gen.12 | 03.02.2016 10:30:35 |
| Sophos | Virus 'W32/Scribble-B' | 5.23 |
| VIPRE Antivirus | Threat.4120919 | 46910 |

File size:
62.5 KB (64,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winamp\winampa.exe

File PE Metadata

Compilation timestamp:
8/25/2000 7:31:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:JTeQbPslGjDlsXMfayRgMndrsRXyflo5n:5XPslGjDAMfaunBshydc

Entry address:
0x1521E

Entry point:
83, 3C, 24, FF, 0F, 84, FA, FF, FF, FF, 8D, 64, 24, D0, 21, C0, 60, 86, E6, 8D, 64, 24, 24, 8D, 33, 87, DA, E8, 05, 96, FF, FF, 8D, 7C, 24, FC, F6, D4, 49, 80, D1, EF, 4E, 46, 87, 1F, 8D, 44, E7, 7B, 08, F5, FC, 87, CA, 4B, 00, F4, 0F, B7, CB, E2, FE, 86, C6, 80, F2, 7C, 66, 8B, D9, 97, FF, 73, 3C, 38, E2, 59, F7, D7, 97, 81, E9, FE, FF, FF, 7F, 73, DE, 8B, F9, F6, D4, E9, 0A, 98, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3279

Code size:
5.5 KB (5,632 bytes)

Startup File (All Users Run)

Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WinampAgent

Command:
"C:\Program Files\winamp\winampa.exe"

