whats app pc.exe

Prelasan Developments s.l.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application whats app pc.exe by Prelasan Developments s.l has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from sagefile.com.
Publisher:
Prelasan Developments s.l.  (signed and verified)

MD5:
90d14a5c8fd53cd9735656df2da282d7

SHA-1:
6c7cb9b12637895878515d887fa8b1b42728e121

SHA-256:
e305dd0e0cccc0460186e133efce88a26add392f802b0742fc21e455486eb9e6

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 2:42:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.964431
751

Agnitum Outpost
PUA.Solimba
7.1.1

AhnLab V3 Security
PUP/Win32.Solimba
2014.12.14

Avira AntiVirus
APPL/Solimba.Gen4
7.11.194.18

avast!
Win32:PUP-gen [PUP]
2014.9-150412

AVG
Adware BundleApp_r
2016.0.3229

Baidu Antivirus
Adware.Win32.Solimba
4.0.3.15412

Bitdefender
Application.Generic.964431
1.0.20.70

Clam AntiVirus
Win.Trojan.964431
0.98/19849

Comodo Security
Application.Win32.Firseria.GH
20512

Dr.Web
Adware.Downware.9358
9.0.1.014

Emsisoft Anti-Malware
Application.Generic.964431
8.15.01.14.07

ESET NOD32
MSIL/Solimba.AK.gen potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/Morstars
4/12/2015

F-Prot
W32/S-01b67f1b
v6.4.7.1.166

F-Secure
Riskware.Application.Generic.964431
11.2015-14-01_4

G Data
Win32.Application.Morstar
15.1.24

IKARUS anti.virus
not-a-virus:Downloader.Morstar
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.186.14295

Malwarebytes
PUP.Optional.Solimba
v2015.01.14.07

MicroWorld eScan
Application.Generic.964431
16.0.0.42

NANO AntiVirus
Trojan.Win32.Morstar.dkaoql
0.28.6.63850

Norman
Application.Generic.964431
11.20150114

Panda Antivirus
Trj/Genetic.gen
15.01.14.07

Quick Heal
Adware.Firseria.A5
4.15.14.00

Reason Heuristics
Threat.PrelasanDevelopments
15.4.11.23

Rising Antivirus
PE:Malware.Morstar!6.1B3E
23.00.65.15410

Sophos
PUA 'Solimba Installer'
59

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4758821
35418

File size:
562.1 KB (575,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\whats app pc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2014 6:07:57 PM

Valid to:
9/24/2016 6:07:57 PM

Subject:
CN=Prelasan Developments s.l., O=Prelasan Developments s.l., L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FE86E799E134BB6B2BBD0E554BFB2C1D

File PE Metadata
Compilation timestamp:
12/9/2014 10:16:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:3b/YqJsiTkpSODk4OPgWkf+g+vQB45FK7/Mb3evjH3SIGW4W6CIn24hbt:3b/Y3iTyzk5PgWwh4rinb31z6CIbt

Entry address:
0xD44C

Entry point:
E8, AF, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, 60, 42, 00, E8, FE, 15, 00, 00, E8, 80, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 42, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0B, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
111 KB (113,664 bytes)

The file whats app pc.exe has been seen being distributed by the following URL.

Remove whats app pc.exe - Powered by Reason Core Security