The removewga.exe File Analysis

Updated 1 year ago

Checked by Malware Check

removewga.exe

Technical Analysis

File Name	removewga.exe
File Type	Win32 EXE
Magic Bytes	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
SSDEEP Hash	192:OOLvpA5iyFAyCM1UdjRpV3aNa236dKNHkoy0/qaNDm20GKm/kAKAn6:tLBGiyy24jj3233bNDCZq6
Scanner Version	1.0.158.174
Database Version	2024-02-04 00:00:27 UTC

⚠

Suspicious File Detected

Detected by 26 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

37%

Detection Rate

13,824

File Size (bytes)

26/71

Engines Detected

2024-02-04

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	3b6a1f6ad4b8141b1aed8644d789706f
SHA1	8da3bf220f6853d9b742706dce4ef39212e39243
SHA256	9677bc600745900c6f4c20a75792486a4abbf3b7238902927f52b23b58e1d829
SHA512	57f0a08fec145af4be8f184cfc3b6c6dfec771de7c90f82dcfd80aa9f5c445959d53ee7b26991642b9b6c896ec1adf1f37bb0020bfdf51239c7ae77607915d60
ImpHash	d9183919cbeadd09aae9f616f5545edc

Security Engines with Detections (26 of 71)

Elastic

malicious (moderate confidence) Malicious

Skyhigh

Tool-RemoveWGA Malicious

McAfee

GenericRXAA-AA!3B6A1F6AD4B8 Malicious

Sangfor

Trojan.Win32.Save.a Malicious

Alibaba

HackTool:Win32/Wpakill.76d510f1 Malicious

VirIT

Trojan.Win32.Generic.AUHM Malicious

APEX

Malicious Malicious

Cynet

Malicious (score: 100) Malicious

TACHYON

Trojan/W32.HackTool.31744.H Malicious

Emsisoft

Trojan.Agent (A) Malicious

DrWeb

Tool.RemoveWGA Malicious

Zillya

Trojan.Agent.Win32.752599 Malicious

Trapmine

suspicious.low.ml.score Malicious

Sophos

RemoveWGA (PUA) Malicious

Ikarus

HackTool.Win32.Wpakill Malicious

Google

Detected Malicious

Antiy-AVL

Trojan/Win32.Genome Malicious

Xcitium

ApplicUnsaf@#t1lhvhlkjnpu Malicious

ViRobot

Not_a_virus.RiskTool.U.RemoveWGA.13824 Malicious

ALYac

Misc.Riskware.RemoveWGA Malicious

Cylance

unsafe Malicious

SentinelOne

Static AI - Malicious PE Malicious

MaxSecure

Trojan.Malware.300983.susgen Malicious

Fortinet

Riskware/RemoveWGA Malicious

DeepInstinct

MALICIOUS Malicious

CrowdStrike

win/grayware_confidence_100% (W) Malicious

45 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Icon	Hash: 802f82dbb76e745937c62d934c6f6237 Fuzzy: 55c8188e6bfbf835a7f932443b6d58e7 dHash: c0e0b0c1e1606204
Image Base	`0x00400000`
Entry Point	`0x0040da30`
Compilation Time	2006-07-25 18:22:46
Checksum	0x00000000 (Actual: 0x0000e150)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed`
Digital Signature	The PE file does not contain a certificate table.
Imports	5 libraries KERNEL32, ADVAPI32, CRTDLL, SHELL32, USER32
Exports	0 functions
Resources	3 Resources
Sections	3 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`UPX0`	`0x00001000`	40,960 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`UPX1`	`0x0000b000`	12,288 bytes	11,264 bytes	7.83 (Packed/Encrypted)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`EE1B8C16A17A02E137DA4E02D4E36A37`
`.rsrc`	`0x0000e000`	4,096 bytes	2,048 bytes	4.41 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`DBD275CCCF0D4770A06C1948BD6707A2`

Entropy Analysis Alert

1 section(s) with high entropy (≥7.5) detected - possible packing/encryption

Resource Analysis

▼

Total Resources: 3 (1,411 bytes)

Resource Type	Count	Total Size	Percentage
RT_ICON	1	744 bytes	52.7%
RT_GROUP_ICON	1	20 bytes	1.4%
RT_MANIFEST	1	647 bytes	45.9%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

The PE file does not contain a certificate table.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

26 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1