walter.exe

Phulli

The application walter.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from fs01n2.sendspace.com.
Product:
Phulli

Version:
1.0.0.0

MD5:
16aac2048c0ca1f66a161e2adb350ece

SHA-1:
51c9de37ea06dceeafd6ea7a8424413be1a1658b

SHA-256:
dbc342cf13e89f7b64427279a524f1db134ea0b3c8b74f45065cbca548d3f8c0

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:15:17 PM UTC

Scan engine | Detection | Engine version
avast! | MSIL:GenMalicious-FBH [PUP] | 160727-6
ESET NOD32 | MSIL/Autorun.Spy.Agent.AU worm | 8.0.319.0

File size:
520.5 KB (532,992 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Phulli.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\walter.exe

File PE Metadata
Compilation timestamp:
7/22/2016 8:56:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:yujqdaRUbbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnxm:jRUbQtqB5urTIoYWBQk1E+VF9mOx9Q

Entry address:
0x80B9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 78, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
507 KB (519,168 bytes)

The file walter.exe has been seen being distributed by the following URL.
