Wepawet has a disclosure problem IMHO.
When an exploiter try to identify the configuration host probing activex version, browser version, plug in version and so on wepawet set this value in the same mode. This can useful for a botadmin because the response sent to exploiter support web site, it may be used for understand how react to attempts for automatic analysis. For example, if a common php stage of a malware spreading site recognize that the variables used by exploiter are valued with a schematic mode it can provide a fake page and made wrong result in terms of analysis . This only my point of view.
Feedback are welcome.
I have posted something about on my blog http://extraexploit.blogspot.com