× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: b23112ae291efae80aa7f9b1b119eb0da4e426930a23ee77a6a43288f3c0cbb9
File name: WajamUpdater.exe
Detection ratio: 0 / 46
Analysis date: 2013-01-07 21:46:25 UTC ( 6 years, 2 months ago ) View latest
Antivirus Result Update
Yandex 20130107
AhnLab-V3 20130107
AntiVir 20130107
Antiy-AVL 20130107
Avast 20130107
AVG 20130107
BitDefender 20130107
ByteHero 20121226
CAT-QuickHeal 20130107
ClamAV 20130107
Commtouch 20130107
Comodo 20130107
DrWeb 20130107
Emsisoft 20130107
eSafe 20130103
ESET-NOD32 20130107
F-Prot 20130107
F-Secure 20130107
Fortinet 20130107
GData 20130107
Ikarus 20130107
Jiangmin 20121221
K7AntiVirus 20130107
Kaspersky 20130107
Kingsoft 20130107
Malwarebytes 20130107
McAfee 20130107
McAfee-GW-Edition 20130107
Microsoft 20130107
eScan 20130107
NANO-Antivirus 20130107
Norman 20130107
nProtect 20130107
Panda 20130107
PCTools 20130107
Rising 20130104
Sophos AV 20130107
SUPERAntiSpyware 20130107
Symantec 20130107
TheHacker 20130107
TotalDefense 20130107
TrendMicro 20130107
TrendMicro-HouseCall 20130107
VBA32 20130105
VIPRE 20130107
ViRobot 20130107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
(c) Wajam. All rights reserved.

Product Wajam
Original name WajamUpdater.exe
Internal name WajamUpdater.exe
File version 1.0.0.5
Description Auto-updater
Signature verification Certificate out of its validity period
Signers
[+] Wajam
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer UTN-USERFirst-Object
Valid from 12:00 AM 06/03/2011
Valid to 11:59 PM 06/02/2012
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint AF9B100D7CCA87EE31490B833BBFAF9A493BF7E5
Serial number 00 8A 53 AA D5 42 C9 19 DF 71 72 AA 6A FB 31 2B 17
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 06:31 PM 07/09/1999
Valid to 06:40 PM 07/09/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-16 15:17:23
Entry Point 0x00006D3E
Number of sections 5
PE sections
Overlays
MD5 c59055c7553b350676b1731ffb2c1ed9
File type data
Offset 107008
Size 2056
Entropy 7.25
PE imports
RegCreateKeyExW
RegCloseKey
OpenServiceW
ControlService
RegDeleteKeyW
DeleteService
RegQueryValueExW
CloseServiceHandle
ChangeServiceConfig2W
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
CreateServiceW
SetServiceStatus
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
OpenSCManagerW
ReportEventW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
GetStdHandle
WaitForSingleObject
HeapDestroy
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
GetTimeZoneInformation
LoadResource
TlsGetValue
SetLastError
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
HeapSetInformation
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetDateFormatW
GetStartupInfoW
SetEvent
GetProcAddress
GetProcessHeap
GetTimeFormatW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
CompareStringW
GetEnvironmentStringsW
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
FindResourceW
CreateProcessW
Sleep
VarUI4FromStr
SafeArrayGetLBound
VariantClear
SysAllocString
SafeArrayDestroy
SafeArrayUnlock
SafeArrayGetUBound
VariantInit
SafeArrayGetVartype
SysFreeString
SafeArrayLock
MessageBoxW
PostThreadMessageW
GetMessageW
CharUpperW
LoadStringW
TranslateMessage
CharNextW
DispatchMessageW
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoAddRefServerProcess
CoTaskMemRealloc
CoCreateInstance
CLSIDFromProgID
CoReleaseServerProcess
CoTaskMemFree
Number of PE resources by type
RT_MANIFEST 1
TYPELIB 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.5

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Auto-updater

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
34816

EntryPoint
0x6d3e

OriginalFileName
WajamUpdater.exe

MIMEType
application/octet-stream

LegalCopyright
(c) Wajam. All rights reserved.

FileVersion
1.0.0.5

TimeStamp
2012:01:16 15:17:23+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
WajamUpdater.exe

ProductVersion
1.0.0.5

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Wajam

CodeSize
71168

ProductName
Wajam

ProductVersionNumber
1.0.0.5

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Execution parents
Compressed bundles
File identification
MD5 4aa2cc5979aff984227364f2c23b04f3
SHA1 a252fedceedca1655d593982040cceed07812def
SHA256 b23112ae291efae80aa7f9b1b119eb0da4e426930a23ee77a6a43288f3c0cbb9
ssdeep
1536:Y8KZw2SogCHRHbdGak97P6FQ6i868QsksOBkMOauepG8UO:YJZwtYMak97PN6CQ1fauepDUO

authentihash f861eacd2816f9202a801c376124394bbc60e77edb188f104985d10626fc91b7
imphash 1290526020ee7953dd528ca9b331c17f
File size 106.5 KB ( 109064 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2012-01-17 14:07:22 UTC ( 7 years, 2 months ago )
Last submission 2018-07-06 09:55:47 UTC ( 8 months, 3 weeks ago )
File names wajamupdater.exe
smona_b23112ae291efae80aa7f9b1b119eb0da4e426930a23ee77a6a43288f3c0cbb9.bin
B23112AE291EFAE80AA7F9B1B119EB0DA4E426930A23EE77A6A43288F3C0CBB9.DAT
WajamUpdater.exe
WajamUpdater0.exe
vti-rescan
8D7986EE081C6EF0AA9B01777EAB4000F751119B.exe
file
WajamUpdater.exe.VIR
4aa2cc5979aff984227364f2c23b04f3_wajamupdater.exe.bin
tsk0000.dta
s1
WajamUpdater.exe
WajamUpdater.exe
3OAQ51RP6FI60X8V
WajamUpdater.exe
file-4135081_exe
WajamUpdater.exe
WajamUpdater(2)(2).exe
4aa2cc5979aff984227364f2c23b04f3
WAJAMUPDATER.EXE
2.vir
WajamUpdater.exe.vir
4AA2CC5979AFF984227364F2C23B04F3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!