androidwhatsapptransfer.exe

Backuptrans Android WhatsApp Transfer

Backuptrans Studio

The application androidwhatsapptransfer.exe has been detected as a potentially unwanted program by 37 anti-malware scanners. While running, it connects to the Internet address li928-61.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Backuptrans Studio

Product:
Backuptrans Android WhatsApp Transfer

Version:
0.0.0.19

MD5:
f845ac0a08e8bbffd6be244071cd42bb

SHA-1:
97416e6f0f4b303918055acc0ca65b27f4e03d12

SHA-256:
40abc9c477b1740b079ef73f77bfe9d266c0138fe764990649d9024387a73e9d

Scanner detections:
37 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:21:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11833592 | 502 |
| Agnitum Outpost | Riskware.MoleboxVS | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Refroso | 2015.08.09 |
| Avira AntiVirus | TR/Rogue.kdz.7226.2 | 8.3.1.6 |
| Arcabit | Trojan.Generic.DB490F8 | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-150921 |
| AVG | Generic11_c | 2016.0.2980 |
| Baidu Antivirus | Trojan.Win32.MoleboxVS | 4.0.3.15921 |
| Bitdefender | Trojan.Generic.11833592 | 1.0.20.1320 |
| Bkav FE | W32.HexserLTI.Trojan | 1.3.0.7062 |
| Comodo Security | Backdoor.Win32.Agent.CFRW | 22956 |
| Dr.Web | Trojan.Packed.Based | 9.0.1.0264 |
| Emsisoft Anti-Malware | Trojan.Generic.11833592 | 8.15.09.21.03 |
| ESET NOD32 | Win32/Packed.MoleboxVS.H suspicious (variant) | 9.12065 |
| Fortinet FortiGate | W32/Injector.DH!tr | 9/21/2015 |
| F-Prot | W32/Bifrost.AD.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11833592 | 11.2015-21-09_2 |
| G Data | Trojan.Generic.11833592 | 15.9.25 |
| IKARUS anti.virus | PUA.MoleboxVS | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.207.16830 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1394 |
| Malwarebytes | Backdoor.Bot.Gen | v2015.09.21.03 |
| McAfee | BackDoor-FACW!F845AC0A08E8 | 5600.6636 |
| MicroWorld eScan | Trojan.Generic.11833592 | 16.0.0.792 |
| NANO AntiVirus | Trojan.Win32.Inject.mszcn | 0.30.24.3079 |
| nProtect | Trojan.Generic.11833592 | 15.08.07.01 |
| Panda Antivirus | Trj/CI.A | 15.09.21.03 |
| Qihoo 360 Security | HEUR/Malware.QVM02.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Generic.g7 | 9.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.174C5ECA!390880970 | 23.00.65.15919 |
| Sophos | Troj/SSonce-B | 4.98 |
| Total Defense | Win32/Bifrose.BND | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNR.0BIT14 | 7.2.264 |
| Trend Micro | TROJ_SPNR.0BIT14 | 10.465.21 |
| VIPRE Antivirus | Trojan.Win32.SSonce.b | 42724 |
| ViRobot | Trojan.Win32.S.Agent.2811649[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Packed.Win32.51951 | 2.0.0.2341 |

File size:
2.7 MB (2,811,649 bytes)

Product version:
3.1.19.0

Copyright:
Copyright (C) Backuptrans Studio

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\backuptrans.android.whatsapp.transfer.3.2.01_2\crack\androidwhatsapptransfer.exe

File PE Metadata
Compilation timestamp:
7/24/2011 3:45:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:A9VlGgvQHOGPTxdkATkDzh16Oj5JS8l3kfTAiTnDuaIkaYzFYklkYPm0Zr:8iHOGPdPTe6dskfc4u09FYMkY7Zr

Entry address:
0x1280

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 01, 00, 00, 00, FF, 15, 1C, 83, 40, 00, E8, B8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 1C, 83, 40, 00, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 34, 83, 40, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 28, 83, 40, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, 3D, 10, B1, 40, 00, 00, 75, 0A, C7, 05, 10, B1, 40, 00, E8, 61, 40, 00, A1, 10, B1, 40, 00, 5D, C3, 55, 89, E5...

Entropy:
7.8331

Packer / compiler:
MingWin32 - Dev C++ v4.x (h)

Code size:
21 KB (21,504 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to li928-61.members.linode.com  (45.56.78.61:80)
