whatpulse.exe

WhatPulse

GeoTrust Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WhatPulse’.
Publisher:
GeoTrust Inc.  (signed and verified)

Product:
WhatPulse

Version:
2.7b3

MD5:
63ec292b935f6e4a547d2e202b52e00c

SHA-1:
f2057b8a27975140248f412787ef8878ea552a71

SHA-256:
babcabe37205ad9ed71e069a059b2dcc55b7bf4a2a90631f6d1510c50d2fe851

Scanner detections:
15 / 68

Status:
Clean  (15 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/16/2024 3:59:05 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Runouce-E [Trj]
2014.9-160129

Clam AntiVirus
WIN.Worm.Brontok
0.98/20684

Comodo Security
EmailWorm.Win32.Runonce.~v001
22752

Dr.Web
infected with JS.Nimda
9.0.1.029

ESET NOD32
Win32/Chir.C virus
10.7.0.302.0

Fortinet FortiGate
W32/Chir.C!tr
1/29/2016

F-Prot
W32/Thecid.B@mm
v6.4.6.5.141

IKARUS anti.virus
Email-Worm.Win32.Runouce
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.205.16537

Microsoft Security Essentials
Threat.Undefined
1.201.1583.0

NANO AntiVirus
Trojan.Win32.Nimda.dnmrwl
0.30.24.2487

Panda Antivirus
Generic Malware
16.01.29.03

Sophos
Virus 'W32/Patched-I'
5.15

VIPRE Antivirus
Threat.4726526
41608

Zillya! Antivirus
Worm.RunOnce.Win32.2
2.0.0.2284

File size:
3.8 MB (3,935,232 bytes)

Product version:
2.7b3

Original file name:
whatpulse.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\whatpulse2\whatpulse.exe

Digital Signature
Signed by:

Authority:
GeoTrust Inc.

Valid from:
8/29/2014 5:39:32 PM

Valid to:
5/20/2022 5:39:32 PM

Subject:
CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Issuer:
CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

Serial number:
023A77

File PE Metadata
Compilation timestamp:
1/26/2016 2:40:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:9sm0vFgM7fbXla0QuMpOIDrZvkJg2/OrCPe5oh/FeVk:enQvpOMsgIL

Entry address:
0x1A4429

Entry point:
E8, 00, 06, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, 18, 6E, 00, E8, 11, 02, 00, 00, 33, F6, 89, 75, E4, 89, 75, E0, FF, 15, CC, A2, 5D, 00, 0F, B7, D8, 89, 75, FC, 64, A1, 18, 00, 00, 00, 8B, 50, 04, 8B, FE, BE, 84, 3D, 70, 00, 8B, CA, 33, C0, F0, 0F, B1, 0E, 85, C0, 74, 0B, 3B, C2, 75, F0, 33, F6, 46, 8B, FE, EB, 03, 33, F6, 46, 39, 35, 88, 3D, 70, 00, 75, 0A, 6A, 1F, E8, 3A, 04, 00, 00, 59, EB, 3B, 83, 3D, 88, 3D, 70, 00, 00, 75, 2C, 89, 35, 88, 3D, 70, 00, 68, EC, CA, 5D, 00, 68, D8, CA, 5D, 00, E8...
 
[+]

Entropy:
7.0228

Code size:
1.8 MB (1,935,360 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WhatPulse

Command:
"C:\Program Files\whatpulse2\whatpulse.exe"


Scan whatpulse.exe - Powered by Reason Core Security