SHA256: 46da5058c5bc04b520298337cd2614e3f27c6444222b04feefe7b3e7cb68ff83
File name: RemoveWAT.exe
Detection ratio: 0 / 41
Analysis date: 2010-03-25 16:53:30 UTC ( 4 years ago )
Antivirus Result Update
AVG 20100325
AhnLab-V3 20100325
AntiVir 20100325
Antiy-AVL 20100324
Authentium 20100325
Avast 20100325
Avast5 20100325
BitDefender 20100325
CAT-QuickHeal 20100325
ClamAV 20100325
Comodo 20100325
F-Prot 20100324
F-Secure 20100325
Fortinet 20100324
GData 20100325
Ikarus 20100325
Jiangmin 20100325
K7AntiVirus 20100322
Kaspersky 20100325
McAfee 20100324
McAfee+Artemis 20100324
McAfee-GW-Edition 20100325
Microsoft 20100325
NOD32 20100325
Norman 20100325
PCTools 20100325
Panda 20100324
Prevx 20100325
Rising 20100325
Sophos 20100325
Sunbelt 20100325
Symantec 20100325
TheHacker 20100324
TrendMicro 20100325
VBA32 20100325
ViRobot 20100325
VirusBuster 20100325
a-squared 20100325
eSafe 20100324
eTrust-Vet 20100325
nProtect 20100325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright Hazar & Co. © 2010
Publisher Hazar & Co.
Product RemoveWAT
Original name RemoveWAT.exe
Internal name RemoveWAT.exe
File version 2.2.5.2
Description RemoveWAT
Comments Removes Windows Activation Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-02 15:57:06
Link date 4:57 PM 3/2/2010
Entry Point 0x0064359E
Number of sections 4
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 8
ExifTool file metadata
SubsystemVersion 4.0
Comments Removes Windows Activation Technologies
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.5.2
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription RemoveWAT
CharacterSet Unicode
InitializedDataSize 103424
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright Hazar & Co. 2010
FileVersion 2.2.5.2
TimeStamp 2010:03:02 16:57:06+01:00
FileType Win32 EXE
PEType PE32
InternalName RemoveWAT.exe
FileAccessDate 2014:04:18 23:28:29+01:00
ProductVersion 2.2.5.2
UninitializedDataSize 0
OSVersion 4.0
FileCreateDate 2014:04:18 23:28:29+01:00
OriginalFilename RemoveWAT.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Hazar & Co.
CodeSize 6559232
ProductName RemoveWAT
ProductVersionNumber 2.2.5.2
EntryPoint 0x64359e
ObjectFileType Executable application
AssemblyVersion 2.2.5.2
PE resource-wise parents
Compressed bundles
File identification
MD5 588c9f669bfb9149c4f1d8e6729743ba
SHA1 75e0288583dd3301386b12de8f8c27eebdbdfc7a
SHA256 46da5058c5bc04b520298337cd2614e3f27c6444222b04feefe7b3e7cb68ff83
ssdeep 98304:/33yKMaL/eXV1i/kDxkmcL/eXV1i/kaRWYL/eXV1i/kmeM1qj4iwiANvSo2/CAy:vyKnZrrLGA3PhsKPkG09Wp
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 6.4 MB ( 6663680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID DirectShow filter (38.4%)
Windows ActiveX control (22.2%)
Generic CIL Executable (.NET, Mono, etc.) (13.9%)
InstallShield setup (8.2%)
Win32 Executable MS Visual C++ (generic) (5.9%)
Tags peexe assembly mz
VirusTotal metadata
First submission 2010-03-02 19:11:08 UTC ( 4 years, 1 month ago )
Last submission 2014-04-18 22:28:01 UTC ( 1 hour, 3 minutes ago )
File names Remove v2.2.5.exe
Remove WAT 2.2.5.2.txt
test.exe
www.astrcomp.ru_RemoveWAT_(2.2.5.2)_(1).exe
2 - RemoveWAT_225.exe
Remove WAT 2.4.5.exe
RemoveWAT.exe
342.exe
GENUINERemoveWAT.exe
WAT_Remover_by_digipassion.com.exe
[www.fisierulmeu.ro] Genuine Windows 7 Remove Pack.exe
RemoveWAT v2.2.5.exe
Remove WAT.exe
RemoveWAT (3).exe
Removewat win7.exe
1.exe
Remove WAT - Windows 7.exe
IE9.exe
588c9f669bfb9149c4f1d8e6729743ba..exe
Rw_tahasoft.com.exe
RemoveWAT.exe
RemoveWat 2.2.5.exe
Remove WAT 2.2.5.2.exe
sangar.exe
nakamora.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight