EViews13 exe Trojan Wacatac File Malware Analysis: 3bd9b4b9502c8bc46b220054ef2e0623

EViews13.exe Trojan Wacatac Analysis

Technical Analysis

File Name EViews13.exe
File Type PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.224.174
Database Version 2025-09-10 14:00:52 UTC

Ransom.Win64.Wacatac.cld

Malware family: Wacatac

Wacatac malware demonstrates multiple malicious capabilities including data theft, system compromise, and secondary payload deployment. It can download additional malware components including ransomware to extend attack impact.
Detection Rate N/A
File Size (bytes) 28,561,112
Analysis Date 2025-09-10

File Identification

Hash Type Value
MD5 3bd9b4b9502c8bc46b220054ef2e0623
SHA1 6d07bb03cd4525bf74c71124ff7771fdc936d081
SHA256 4d0f640b81d254e69309215dda6e00cdd994670c63c9877dda882ce9bb5079b6
SHA512 a37718bfa88c8e7a40d0f7963984a8b36cedd6772c88ad3475a5c585028896d9142ae8eb479a623a87b5bf9ad39f250f30b9ae1ac7ecc822bbb9f6b002716991
ImpHash 20fa454a794b888f8afc41a479309566

PE Analysis

Basic Information

Icon
Hash: c8e1019a9e92a425a00ab2f9f665ccf4
Fuzzy: 59ada74a6099af8916b655a4c595c53d
dHash: 7c34b0c969b67371
Image Base 0x140000000
Entry Point 0x1468a4344
Compilation Time 2022-11-28 19:12:29
Checksum 0x057615c2 (Actual: 0x01b4a7e8)
OS Version 6.0
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 39 libraries
Exports 0 functions
Resources 2794 Resources
Sections 9 Sections

Version Information

CompanyName S&P Global, Inc.
FileDescription EViews 13
FileVersion 13.0.0.0
InternalName EViews13
LegalCopyright Copyright © 2022
OriginalFilename EViews13.exe
ProductName EViews
ProductVersion 13.0.0.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
0x00001000 35,299,328 bytes 12,289,024 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0CDCC7DA3A819EF033D8D5014D4E4FF3
0x021ab000 5,341,184 bytes 1,585,664 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5B0A29C6826278C6CEAA1348E7B0CA1A
0x026c3000 823,296 bytes 53,760 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 646F0E5554790E7B97CA4CDA2D8C6300
0x0278c000 622,592 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
0x02824000 4,096 bytes 512 bytes 2.62 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 07962DA293B61551E0DA2B522BAF686D
0x02825000 50,020,352 bytes 8,781,312 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 84698036D381956CFA66409267C590A4
.rsrc 0x057d9000 2,052,096 bytes 2,049,536 bytes 5.00 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8A26777DFE4295584965F2F603D2487B
0x059ce000 12,054,528 bytes 278,528 bytes 8.00 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE C13811FAAE1E5AF6DE6F5F035330A067
0x0654d000 3,510,272 bytes 3,509,248 bytes 7.90 (Packed/Encrypted) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D2CE1F7DBE23A0FC7A2F86594C0DC2C5
Entropy Analysis Alert

6 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

Total Resources: 2794 (49,823,762 bytes)
Resource Type Count Total Size Percentage
AFX_DIALOG_LAYOUT 190 380 bytes 0%
MPLEXTBL 1 28,976 bytes 0.1%
MPYACCTBL 1 2,078 bytes 0%
PNG 553 1,012,317 bytes 2%
STYLE_XML 5 83,741 bytes 0.2%
TYPELIB 1 11,700 bytes 0%
RT_CURSOR 58 17,272 bytes 0%
RT_BITMAP 211 45,741,652 bytes 91.8%
RT_ICON 309 1,637,771 bytes 3.3%
RT_MENU 253 148,154 bytes 0.3%
RT_DIALOG 813 912,984 bytes 1.8%
RT_STRING 207 203,068 bytes 0.4%
RT_ACCELERATOR 1 288 bytes 0%
RT_GROUP_CURSOR 47 1,094 bytes 0%
RT_GROUP_ICON 56 4,662 bytes 0%
RT_VERSION 1 696 bytes 0%
RT_HTML 8 2,113 bytes 0%
RT_MANIFEST 1 1,976 bytes 0%
None 78 12,840 bytes 0%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Ransom.Win64.Wacatac.cld Removal

Gridinsoft has the capability to identify and eliminate Ransom.Win64.Wacatac.cld without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
