setupwhatsapp.exe

The executable setupwhatsapp.exe has been detected as malware by 29 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from 3283984.r.msn.com and multiple other hosts.

Version:
1.0.0.0

MD5:
f0416e5ef08e2de12b409f51e42c7a31

SHA-1:
98b5fb0494b0ff62437ed8ccabb0d538111abbde

SHA-256:
63268404176e0a7ee046b047f045ca30880d72b98b9457a7d1f811346c1919d4

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
12/26/2024 8:31:51 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2730230 | 347 |
| Agnitum Outpost | Trojan.DL.Banload | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Banload | 2015.12.11 |
| Avira AntiVirus | TR/Dldr.Agent.219648.15 | 8.3.2.4 |
| Arcabit | Trojan.Generic.D29A8F6 | 1.0.0.629 |
| avast! | Win32:Banker-MGN [Trj] | 2014.9-160222 |
| AVG | Downloader.MSIL | 2017.0.2825 |
| Baidu Antivirus | Trojan.MSIL.Banload | 4.0.3.16222 |
| Bitdefender | Trojan.GenericKD.2730230 | 1.0.20.265 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2730230 | 8.16.02.22.05 |
| ESET NOD32 | MSIL/TrojanDownloader.Banload.ER (variant) | 10.12705 |
| Fortinet FortiGate | MSIL/Banload.ER!tr.dldr | 2/22/2016 |
| F-Secure | Trojan.GenericKD.2730230 | 11.2016-22-02_2 |
| G Data | Trojan.GenericKD.2730230 | 16.2.25 |
| IKARUS anti.virus | Trojan-Downloader.MSIL.Banload | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.212.18076 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.621 |
| Malwarebytes | Trojan.Banker.MSIL | v2016.02.22.05 |
| McAfee | RDN/Generic Downloader.x | 5600.6481 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Banload.AA | 1.1.12300.0 |
| MicroWorld eScan | Trojan.GenericKD.2730230 | 17.0.0.159 |
| NANO AntiVirus | Trojan.Win32.Agent.dxjgib | 1.0.10.5081 |
| nProtect | Trojan.GenericKD.2730230 | 15.12.11.01 |
| Panda Antivirus | Trj/CI.A | 16.02.22.05 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Quick Heal | TrojanDownloader.Banload.r4 | 2.16.14.00 |
| Trend Micro | TROJ_GEN.R0E9C0DIH15 | 10.465.22 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45756 |
| Zillya! Antivirus | Downloader.Banload.Win32.67634 | 2.0.0.2557 |

File size:
214.5 KB (219,648 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
RioBranco.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setupwhatsapp.exe

File PE Metadata
Compilation timestamp:
9/16/2015 11:05:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:GzJ+lM+sEvWfROJLhfJpreQ00ws/R3b/rz3qhtZKc1jRw904baRYX2NCancRu7AR:1WROJNhpeBUDnqtKcBG9

Entry address:
0x3664E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
210 KB (215,040 bytes)

The file setupwhatsapp.exe has been seen being distributed by the following 2 URLs.

http://3283984.r.msn.com/.../receita.php
