Vanta-Patchwork.exe Trojan Wacatac Analysis
| Online Virus Checker | v.1.0.177.174 |
| DB Version: | 2024-05-23 10:00:16 |
Trojan.Win64.Wacatac.dd!s1
Wacatac is a type of malware that falls under the wide category of computer viruses. It is known for its malicious capabilities, which include data theft, system compromise, and the execution of additional malicious payloads on the infected system like ransomware.
| File | Vanta-Patchwork.exe |
| Checked | 2024-05-23 07:11:30 |
| MD5 | f202bc52c47f4108085387e3e401deac |
| SHA1 | 159098cfe5766cba2d783cec3c91215c8bb3a3bb |
| SHA256 | 04aba2280c46aa65cdccfb9923055824f033d8537d4da82477765c28406e3dfd |
| SHA512 | a93a206eeb9d5ec5dd296a4f937ca79a9994426b391264ef79ee370c9390c21835472e80767154c810d2fa401f35fd777730e349407df3164ffb972b2a702fa8 |
| Imphash | e44f44f1060dd800fd861c4e5ad59e21 |
| File Size | 51229696 bytes |
Trojan.Win64.Wacatac.dd!s1 Removal
Gridinsoft has the capability to identify and eliminate Trojan.Win64.Wacatac.dd!s1 without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
| Image Base: | 0x140000000 |
| Entry Point: | 0x1400010f6 |
| Compilation: | 2024-05-19 08:42:49 |
| Checksum: | 0x0002694a (Actual: 0x030ea32c) |
| OS Version: | 4.0 |
| PEiD: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 12 |
| Imports: | KERNEL32, msvcrt, SHELL32, |
| Exports: | 0 |
| Resources: | 2 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0001ac38 | 0x0001ae00 | 13b5d70373d10ef4377b582fb620cecc | 6.33 |
| .data | 0x0001c000 | 0x00000110 | 0x00000200 | 9b25516cfce6984489195195d90f426e | 1.20 |
| .rdata | 0x0001d000 | 0x00002b50 | 0x00002c00 | 94427357a6b6be6ed73afbbab3313f88 | 5.14 |
| .eh_fram | 0x00020000 | 0x00000004 | 0x00000200 | bf619eac0cdf3f68d496ea9344137e8b | 0.00 |
| .pdata | 0x00021000 | 0x00000828 | 0x00000a00 | 3e18e1d3f68fcfe5944a482144bcafff | 4.50 |
| .xdata | 0x00022000 | 0x000009f8 | 0x00000a00 | 88682aaa9be0310b35cbaaaa6d50a92a | 4.64 |
| .bss | 0x00023000 | 0x00011c90 | 0x00000000 | d41d8cd98f00b204e9800998ecf8427e | 0.00 |
| .idata | 0x00035000 | 0x00000dec | 0x00000e00 | b5c3a94cbba77dc56074b07490a7cb9c | 4.41 |
| .CRT | 0x00036000 | 0x00000060 | 0x00000200 | 1572482beb0d8b18d33d53f32a6f2133 | 0.30 |
| .tls | 0x00037000 | 0x00000010 | 0x00000200 | bf619eac0cdf3f68d496ea9344137e8b | 0.00 |
| .rsrc | 0x00038000 | 0x030ba860 | 0x030baa00 | 476b233777c0f90e8f11108e77ce917e | 8.00 |
| .reloc | 0x030f3000 | 0x00000094 | 0x00000200 | 52e2bfbaf0871bbab88465cc40ddc33f | 1.84 |
