How to remove splwow64[1].exe

splwow64[1].exe

The module splwow64[1].exe has been detected as Ransom.Wacatac

splwow64[1].exe
Remove splwow64[1].exe

File Details

Product Name:

Calculator
MD5: ed9393d5765529c845c623e35c1b1a34
Size: 1 MB
First Published: 2024-10-11 23:01:05 (7 months ago)
Latest Published: 2024-11-07 23:00:56 (6 months ago)
Status: Ransom.Wacatac (on last analysis)
Analysis Date: 2024-11-07 23:00:56 (6 months ago)

Common Places:

%localappdata%\microsoft\windows\inetcache\ie
%system%
%temp%
%commonappdata%
%temp%
%system%
%commonappdata%
%sysdrive%\$recycle.bin\s-1-5-21-3516848074-299411234-2561186177-1001

Geography:

37.5%
37.5%
12.5%
12.5%

OS Version:

Windows 10 87.5%
Windows 7 12.5%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x001105fa

.NET Info:

MVID: 63f3b7f3-3ddb-4fc0-9b34-4689a52a0fc9
Typelib ID: 29938ad3-9830-497d-a960-892f0c54c695

PE Sections:

Name Size of data MD5
.text 1107456 af41e717ef9ad3d4cffb1da0c0c81a31
.rsrc 12288 f24a6688b7633fad559002cae9490ff3
.reloc 512 93277f3e28c3097d65b1b664f54ba0d5

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for splwow64[1].exe
copyright for information about splwow64[1].exe