HackTool:Win32/Wpakill.C
First posted on 15 February 2019.
Source: Microsoft
Aliases :
HackTool:Win32/Wpakill.C is also known as Crack-WindowsWGA.b, Trojan.Win32.Generic.52202D61, Chew-WGA, Trojan.ADH.
Explanation :
Installation

When the tool is run, it displays the following screen:

The tool creates the following file on your PC:

%Local Settings%\Temp\chew-wga.log

Payload

To bypass the genuine check, this threat makes a number of modifications to your PC. The following files are overwritten with malicious copies:

winver.exe
sppcomapi.dll
slmgr.vbs

HackTool:Win32/Wpakill.C modifies the following files:

%windir%\WindowsUpdate.log
drivers\etc\hosts

The following lines are added to drivers\etc\hosts to prevent further genuine checks from being made:

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpq.one.microsoft.com
127.0.0.1 sls.microsoft.com

HackTool:Win32/Wpakill.C modifies the following registry key to prevent further activation attempts:

In subkey: HKCU\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Activation
Sets value: ActionId

Analysis by Michael Johnson
Last update 15 February 2019
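The hosts-file change described under Payload can be checked for directly. The following is an added example, not part of the original write-up: it scans the text of a hosts file for active entries that point the three listed hostnames at a loopback address. It goes slightly beyond the page by also flagging 0.0.0.0 and IPv6 loopback, and by handling several names on one line; the function name and the sample file contents are constructed for illustration.

```python
import ipaddress

# Hostnames the write-up lists as redirected in drivers\etc\hosts.
WATCHED = {"genuine.microsoft.com", "mpq.one.microsoft.com", "sls.microsoft.com"}


def find_blocked_hosts(hosts_text, watched=WATCHED):
    """Return (line_no, address, hostname) tuples, in file order, for watched
    names mapped to a loopback or unspecified address."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop a UTF-8 BOM and anything after '#'; a comment may trail an entry.
        entry = raw.lstrip("\ufeff").split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank line, comment, or address without a name
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an IP address
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        # One line may carry several names; names are case-insensitive and
        # may be written with a trailing dot.
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            if host in watched:
                findings.append((line_no, str(addr), host))
    return findings


# Constructed sample, not taken from an affected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 genuine.microsoft.com
127.0.0.1\tMPQ.one.microsoft.com   sls.microsoft.com.  # two names, one line
# 127.0.0.1 sls.microsoft.com   (commented out, inactive)
0.0.0.0 genuine.microsoft.com
203.0.113.10 intranet.example
"""

if __name__ == "__main__":
    for line_no, addr, host in find_blocked_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {addr}")
```

To check a live system, pass the contents of the hosts file to find_blocked_hosts; any result means the entry should be removed as part of cleanup.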