Wowlet Desktop Wallet - malicious potential viruses?

When I downloaded the Wowlet Desktop Wallet executable named wowlet-v3.0.0-x86_64-windows.exe, I ran it through various virus scanners. 5 security vendors flagged this file as malicious.

The results are below

A Variant Of Win64/CoinMiner.MR Potentially Unwanted


Palo Alto Networks
Acronis (Static ML)

Can anyone provide any advice on what these are, please?

Are they viruses?

This one: Not-a-virus:NetTool.Win32.TorTool.eke is because it bundles Tor, which is not a virus, but it is often used in botnets to keep the hacker’s anonymity. On WowLet it is used to hide your IP.
The others are because it contains the Wownero Daemon, which can be used to cryptomine (potentially botnets might use daemon to mine but it is very unlikely to be fair).
If you don’t trust it enough you can compile it by yourself.


The wallet contains some code shared with miners. Meanies are hacking computers and installing miners on them without permission. Anti-viruses helpfully flag miners to catch these unwanted miners.

To make sure you’ve got the “real” Wowlet that hasn’t been tampered with, you can verify the hashes and the signature, or as @_xxfedexx said, build it from source yourself.


Thanks for your advice. This was helpful. How do I compile it for myself, please? I’m a bit stuck @_xxfedexx @asymptotically

Compilation instructions for Windows can be found here:

It seems to require Linux and Docker to build, though. It may be easier to just verify downloaded hashes, so you can blame the devs if anything breaks :stuck_out_tongue_winking_eye:.

For reference, to do the other things @asymptotically says:

To verify hashes, assuming you use Windows 10:

Open the folder where you saved wowlet in File Explorer, then click File > Open Windows PowerShell. Then type in:

Get-FileHash -Algorithm SHA256 wowlet-v3.0.0-x86_64-windows.exe

Verify that the Hash column matches the one on the download page, which I see is:


Ignore uppercase/lowercase while comparing. The only characters used are 0-9 a-f, so there is no possibility of 1/I/l 0/O confusion.

To verify the signature, you’ll need an OpenPGP program like GPG and @dsc’s public key. I’ll leave this as an exercise for the reader, since merely downloading a key based on posted instructions is no more secure than checking a posted hash.


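The hash check described in the post above, as an added PowerShell example that is not part of the original thread or the Wowlet project. `Test-DownloadHash` is a hypothetical helper name, and the demo file and its hash are constructed test input; for the real check, pass the installer path and the hash copied from the download page.

```powershell
# Added example: Test-DownloadHash is a hypothetical helper, not part of Wowlet.
function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash
    )

    # Pasted hashes often pick up spaces or line breaks; drop all whitespace.
    $expected = $ExpectedHash -replace '\s', ''

    # A SHA-256 digest is exactly 64 hex characters. Rejecting anything else
    # catches a truncated paste or a hash copied from a different algorithm.
    if ($expected -notmatch '^[0-9a-fA-F]{64}$') {
        throw "Expected hash is not 64 hex characters (got $($expected.Length))."
    }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        File     = $Path
        Expected = $expected.ToLowerInvariant()
        Actual   = $actual.ToLowerInvariant()
        # -ieq compares case-insensitively: Get-FileHash prints uppercase,
        # download pages usually print lowercase.
        Match    = ($actual -ieq $expected)
    }
}

# Constructed demo input: a temp file holding the three bytes "abc", whose
# SHA-256 is a published test vector.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-demo.bin'
[System.IO.File]::WriteAllBytes($demo, [byte[]](0x61, 0x62, 0x63))

# Same digest written in uppercase with spaces, as it might be pasted.
$good = 'BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD'
# Last hex digit altered, standing in for a file that does not match.
$bad  = $good -replace 'AD$', 'AE'

Test-DownloadHash -Path $demo -ExpectedHash $good
Test-DownloadHash -Path $demo -ExpectedHash $bad

Remove-Item -LiteralPath $demo
```

The `Match` field is the result to act on: a mismatch means the file is not the one the download page describes and should not be run.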