» whatpulse.exe
Overview
Analysis
File Details
Behaviors (1)

whatpulse.exe

WhatPulse

GeoTrust Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WhatPulse’.

File name:

whatpulse.exe

Publisher:

GeoTrust Inc. (signed and verified)

Product:

WhatPulse

Version:

2.7b2

MD5:

9e883bed2dbb3706aa33c35e14b76982

SHA-1:

4c69ecd4b0fcc44a1c992ae4438d0c915b84a4c1

SHA-256:

2ebabfa59b3bff81e8e782206ee02ef0e661725d8e7d4630591caf1c4dcf9174

Scanner detections:

15 / 68

Status:

Clean (15 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

11/16/2024 3:43:53 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Runouce-E [Trj]

2014.9-160109

Clam AntiVirus

WIN.Worm.Brontok

0.98/20684

Comodo Security

EmailWorm.Win32.Runonce.~v001

22752

Dr.Web

infected with JS.Nimda

9.0.1.09

ESET NOD32

Win32/Chir.C virus

10.7.0.302.0

Fortinet FortiGate

W32/Chir.C!tr

1/9/2016

F-Prot

W32/Thecid.B@mm

v6.4.6.5.141

IKARUS anti.virus

Email-Worm.Win32.Runouce

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.205.16537

Microsoft Security Essentials

Threat.Undefined

1.201.1583.0

NANO AntiVirus

Trojan.Win32.Nimda.dnmrwl

0.30.24.2487

Panda Antivirus

Generic Malware

16.01.09.12

Sophos

Virus 'W32/Patched-I'

5.15

VIPRE Antivirus

Threat.4726526

41608

Zillya! Antivirus

Worm.RunOnce.Win32.2

2.0.0.2284

File size:

3.7 MB (3,913,216 bytes)

Product version:

2.7b2

Original file name:

whatpulse.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\whatpulse2\whatpulse.exe

Digital Signature

Signed by:

GeoTrust Inc.

Authority:

GeoTrust Inc.

Valid from:

8/29/2014 11:39:32 PM

Valid to:

5/20/2022 11:39:32 PM

Subject:

CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Issuer:

CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

Serial number:

023A77

File PE Metadata

Compilation timestamp:

1/8/2016 9:58:56 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:kHKApWfHgvhs+6xl3zg7XC764K28xE2/fj8OHFwDW:eYl3k7XCo28xEIrwDW

Entry address:

0x1A0E69

Entry point:

E8, 00, 06, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, C6, 6D, 00, E8, 11, 02, 00, 00, 33, F6, 89, 75, E4, 89, 75, E0, FF, 15, CC, 62, 5D, 00, 0F, B7, D8, 89, 75, FC, 64, A1, 18, 00, 00, 00, 8B, 50, 04, 8B, FE, BE, 84, ED, 6F, 00, 8B, CA, 33, C0, F0, 0F, B1, 0E, 85, C0, 74, 0B, 3B, C2, 75, F0, 33, F6, 46, 8B, FE, EB, 03, 33, F6, 46, 39, 35, 88, ED, 6F, 00, 75, 0A, 6A, 1F, E8, 3A, 04, 00, 00, 59, EB, 3B, 83, 3D, 88, ED, 6F, 00, 00, 75, 2C, 89, 35, 88, ED, 6F, 00, 68, E4, 8A, 5D, 00, 68, D0, 8A, 5D, 00, E8... 
[+]

Code size:

1.8 MB (1,919,488 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WhatPulse

Command:

"C:\Program Files\whatpulse2\whatpulse.exe"

Scan whatpulse.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.