Ransom Win32 Wacatac - Scan Report
| Online Virus Checker | v.1.0.139.174 |
| DB Version: | 2023-09-18 17:04:13 |
| Available languages: |        |
Scan Your File
Analyze suspicious files to detect malware and automatically share them with our team. You can compress your file into a zip archive (if needed, we use the password "infected" to extract before checking).
Ransom.Win32.Wacatac.sa
Wacatac is a type of malware that falls under the wide category of computer viruses. It is known for its malicious capabilities, which include data theft, system compromise, and the execution of additional malicious payloads on the infected system like ransomware.
| Checked: | 2023-09-18 14:57:19 |
| MD5: | 64e7508583311366674e4cb282c8e123 |
| SHA1: | 5346372e9e23f5d1a7703f264701ff6c109f47fb |
| SHA256: | 9f68fd518f6397676115909b0c15578422bedfc9b69c0b43a99574b60bdad7cf |
| SHA512: | 1f4d21c2ceddfeaba578aed681cd793892d480215517cb6a6ccc4ff40594c1e535343e486f1363df1558fd53fbbf0534ba3f1838f0e3d9579cd464008090dc6c |
| Imphash: | 1f3b09ac54bae329ada2bbf2c914acc5 |
| File Size: | 57344 bytes |
Ransom.Win32.Wacatac.sa Removal
Gridinsoft has the capability to identify and eliminate Ransom.Win32.Wacatac.sa without requiring further user intervention.
- Start by downloading Gridinsoft Anti-Malware to your computer.
- Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
- Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
- Click on the "Standard Scan" button.
- After the scanning process is finished, click on "Clean Now" to remove any detected threats.
- If prompted, restart your system to complete the removal process.
Portable Executable Info
 |
d48a717ebd19a71c39b950a94d1d953c c0d6134b7a2d3b033c5933a8b05e46ff c89c988de6b2be66 |
| Image Base: | 0x00400000 |
| Entry Point: | 0x00402662 |
| Compilation: | 2006-06-06 09:48:31 |
| Checksum: | 0x00000000 (Actual: 0x0001bc33) |
| OS Version: | 4.0 |
| PEiD: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Sign: | The PE file does not contain a certificate table. |
| Sections: | 4 |
| Imports: | KERNEL32, USER32, ADVAPI32, d3d9, |
| Exports: | 0 |
| Resources: | 8 |
Sections
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0000626a | 0x00007000 | 05fecbd70ebd2139c43fe88fc00c5421 | 6.16 |
| .rdata | 0x00008000 | 0x00001608 | 0x00002000 | 14bd1d9486798ac3252e73a5c2218cab | 3.81 |
| .data | 0x0000a000 | 0x00021e58 | 0x00001000 | 4d934355e3654d5a24d708fc08417073 | 1.16 |
| .rsrc | 0x0002c000 | 0x00002040 | 0x00003000 | a932469731cf31bec24f314bd1a4a42d | 2.75 |
