whats app pc.exe

Prelasan Developments s.l.

This file belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application whats app pc.exe by Prelasan Developments s.l. has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from sagefile.com.
Publisher:
Prelasan Developments s.l.  (signed and verified)

MD5:
90d14a5c8fd53cd9735656df2da282d7

SHA-1:
6c7cb9b12637895878515d887fa8b1b42728e121

SHA-256:
e305dd0e0cccc0460186e133efce88a26add392f802b0742fc21e455486eb9e6

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 10:43:48 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.964431 | 751
Agnitum Outpost | PUA.Solimba | 7.1.1
AhnLab V3 Security | PUP/Win32.Solimba | 2014.12.14
Avira AntiVirus | APPL/Solimba.Gen4 | 7.11.194.18
avast! | Win32:PUP-gen [PUP] | 2014.9-150412
AVG | Adware BundleApp_r | 2016.0.3229
Baidu Antivirus | Adware.Win32.Solimba | 4.0.3.15412
Bitdefender | Application.Generic.964431 | 1.0.20.70
Clam AntiVirus | Win.Trojan.964431 | 0.98/19849
Comodo Security | Application.Win32.Firseria.GH | 20512
Dr.Web | Adware.Downware.9358 | 9.0.1.014
Emsisoft Anti-Malware | Application.Generic.964431 | 8.15.01.14.07
ESET NOD32 | MSIL/Solimba.AK.gen potentially unwanted application | 9.7.0.302.0
Fortinet FortiGate | Riskware/Morstars | 4/12/2015
F-Prot | W32/S-01b67f1b | v6.4.7.1.166
F-Secure | Riskware.Application.Generic.964431 | 11.2015-14-01_4
G Data | Win32.Application.Morstar | 15.1.24
IKARUS anti.virus | not-a-virus:Downloader.Morstar | t3scan.1.8.5.0
K7 AntiVirus | Unwanted-Program | 13.186.14295
Malwarebytes | PUP.Optional.Solimba | v2015.01.14.07
MicroWorld eScan | Application.Generic.964431 | 16.0.0.42
NANO AntiVirus | Trojan.Win32.Morstar.dkaoql | 0.28.6.63850
Norman | Application.Generic.964431 | 11.20150114
Panda Antivirus | Trj/Genetic.gen | 15.01.14.07
Quick Heal | Adware.Firseria.A5 | 4.15.14.00
Reason Heuristics | Threat.PrelasanDevelopments | 15.4.11.23
Rising Antivirus | PE:Malware.Morstar!6.1B3E | 23.00.65.15410
Sophos | PUA 'Solimba Installer' | 59
Vba32 AntiVirus | Downware.Morstar | 3.12.26.3
VIPRE Antivirus | Threat.4758821 | 35418

File size:
562.1 KB (575,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\whats app pc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2014 6:07:57 PM

Valid to:
9/24/2016 6:07:57 PM

Subject:
CN=Prelasan Developments s.l., O=Prelasan Developments s.l., L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FE86E799E134BB6B2BBD0E554BFB2C1D

File PE Metadata
Compilation timestamp:
12/9/2014 10:16:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:3b/YqJsiTkpSODk4OPgWkf+g+vQB45FK7/Mb3evjH3SIGW4W6CIn24hbt:3b/Y3iTyzk5PgWwh4rinb31z6CIbt

Entry address:
0xD44C

Entry point:
E8, AF, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, 60, 42, 00, E8, FE, 15, 00, 00, E8, 80, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 42, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0B, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
111 KB (113,664 bytes)

The file whats app pc.exe has been seen being distributed by the following URL.
