How to remove hw_tool_cn.exe

hw_tool_cn.exe

The module hw_tool_cn.exe has been detected as Ransom.Wacatac

hw_tool_cn.exe
Remove hw_tool_cn.exe

File Details

MD5: 98e78824c72a9719d996893d03aff728
Size: 4 MB
First Published: 2019-11-16 08:45:20 (5 years ago)
Latest Published: 2024-08-04 23:02:16 (8 months ago)
Status: Ransom.Wacatac (on last analysis)
Analysis Date: 2024-08-04 23:02:16 (8 months ago)

Common Places:

%sysdrive%\app service hp\mrt\copy of mrt_v3.29
%desktop%\mrt 3.19 flashgsm
%desktop%\mrt 3.19 flashgsm
%desktop%\mrt_v3.35
%sysdrive%\$recycle.bin\s-1-5-21-87363053-152748283-3601849089-1001\$r7w1yii
%sysdrive%\paid software\new\mrt setup\mrt 3.53_repairmymobile\mrt 3.53
%desktop%\mrt_v3.53_setup
%desktop%\mrt_v3.53_setup
%desktop%\mrt_v3.53_setup
%sysdrive%\mrt\long74_mrt_v3.36

Geography:

21.2%
13.5%
9.6%
7.7%
5.8%
5.8%
5.8%
3.8%
3.8%
3.8%
3.8%
1.9%
1.9%
1.9%
1.9%
1.9%
1.9%
1.9%
1.9%

OS Version:

Windows 10 67.3%
Windows 7 30.8%
Windows 8.1 1.9%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00c4dd59

PE Sections:

Name Size of data MD5
.text 0 00000000000000000000000000000000
.data 0 00000000000000000000000000000000
.tls 0 00000000000000000000000000000000
.rdata 0 00000000000000000000000000000000
.idata 0 00000000000000000000000000000000
.edata 0 00000000000000000000000000000000
.vmp0 0 00000000000000000000000000000000
.vmp1 4989440 25cfe9ce2409c7e34478c7d5e76b8fc5
.rsrc 17920 a85cc076bfdb9e89d1f4fc8a3b353fde

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for hw_tool_cn.exe
copyright for information about hw_tool_cn.exe