Home / malware

PDF

HackTool:Win32/Wpakill.B

First posted on 15 February 2019.
Source: Microsoft

Aliases :

There are no other names known for HackTool:Win32/Wpakill.B.

Explanation :

Win32/Wpakill.B tries to to bypass the Windows activation technologies in Windows 7.

It disables components by either terminating processes or by stopping services. It can also change several Windows files.

Files affected by Win32/Wpakill.B include:

SLUI.exe (Windows activation client) Systemcpl.dll slwga.dll (software licensing WGA API) sppcomapi.dll (software licensing WGA API) systemcpl.dll (software licensing library) user32.dll (patched Windows component) WatWeb.dll WatAdminSvc.exe WatUX.exe

Win32/Wpakill.B deletes the Windows service WLMS. It also stops the service Sppsvc and disables it from automatically running when Windows starts.

It disables the following scheduled tasks:

MicrosoftWindowsWindows Activation TechnologiesValidationTask
MicrosoftWindowsWindows Activation TechnologiesValidationTaskDeadline

These tasks are part of the anti-piracy Windows activation technologies update KB971033.

Analysis by Dan Nicolescu

Last update 15 February 2019

 

TOP