home

whatsapp online.vmp.exe

Asdq

Sony

The application whatsapp online.vmp.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from docs.google.com and multiple other hosts.
Publisher:
Sony

Product:
Asdq

Version:
1.00

MD5:
ecdd85a433c4146babf61f1dd7ebb0b1

SHA-1:
9aea4a0493b5b5d418a7e0e203fd8c3e0e52b50f

SHA-256:
2e45bf0af8def3c774169ccfb39d53e1feb9baef4c64176319d5c21355bb913a

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 12:47:18 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Black.Gen2
8.3.2.2

AVG
Win32/Blacked
2017.0.2819

Baidu Antivirus
PUA.Win32.VMProtect
4.0.3.16228

ESET NOD32
Win32/Packed.VMProtect.ABD (variant)
10.12244

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.591

Microsoft Security Essentials
TrojanDownloader:Win32/Banload.BAX
1.1.12002.0

Quick Heal
(Suspicious) - DNAScan
2.16.14.00

Sophos
Mal/VMProtBad-A
4.98

Vba32 AntiVirus
TScope.Trojan.VB
3.12.26.4

File size:
1008 KB (1,032,192 bytes)

Product version:
1.00

Original file name:
Project1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\whatsapp online.vmp.exe

File PE Metadata
Compilation timestamp:
8/5/2015 2:32:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:YrH08i2/QoWfiNRG+KQTGQUitJ7NMORxn3gpYhYaCKsb0:Lx2/QoRE6TGQUkld0yTjY0

Entry address:
0x1A4C16

Entry point:
54, 60, C7, 44, 24, 20, 8F, 27, DA, 60, E8, EF, 9F, FF, FF, 60, FF, 37, 8F, 44, 24, 20, 88, 3C, 24, 60, 68, FB, 41, E6, FA, FF, 34, 24, 8D, 64, 24, 48, E9, 60, 00, 00, 00, 0F, B6, C2, 8B, 45, F8, 38, CE, F6, C5, 2F, D1, E0, 66, 89, 14, 24, E8, 3E, 1C, 00, 00, E9, 7D, 2A, 01, 00, 8D, 64, 24, 2C, 0F, 85, C2, 37, F4, FF, 66, 0F, BA, E7, 0C, 89, F9, F9, 66, 0F, BA, F6, 03, 66, F7, D6, 66, 0F, A3, C0, 29, D9, 66, D1, FE, 68, AB, 18, FD, 52, 0F, A3, E5, 8D, 74, 24, 04, 83, EC, FC, 68, 77, 2E, C3, DA, 83, EF, 04...
 
[+]

Code size:
72 KB (73,728 bytes)

The file whatsapp online.vmp.exe has been seen being distributed by the following 2 URLs.

https://docs.google.com/uc?authuser=0&id=0Bw9HQP1l-NmHZjdjcTNSM204eU0&export=download

https://doc-0c-14-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ap2sof2k9htvg9genlggqo0gs8e5vqlr/1441980000000/05576809216724312344/.../0Bw9HQP1l-NmHZjdjcTNSM204eU0?e=download

Remove whatsapp online.vmp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.