whatsapp.exe

The executable whatsapp.exe has been detected as malware by 9 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from app.sugarsync.com and multiple other hosts.
MD5:
d7f0b458784f94780592e10ac195b414

SHA-1:
0227da0d51e2c8bc95819a1dac968db29d7560c7

SHA-256:
5678096fe0e130366e50028e1b0432e8cfdfb8e6ccaf6e6c50c126a2f6e39bf8

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/15/2024 1:41:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.172422 | 5813571 |
| avast! | Win32:Malware-gen | 160108-0 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.172422 | 10.0.0.5366 |
| ESET NOD32 | Win32/TrojanDownloader.Banload.WTT trojan | 7.0.302.0 |
| F-Secure | Application:W32/Generic.0227da0d51!Online | 5.15.21 |
| McAfee | Trojan.Artemis!D7F0B458784F | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.2081.0 |
| Norman | Gen:Variant.Zusy.172422 | 22.12.2015 20:50:33 |
| VIPRE Antivirus | Threat.4150696 | 46260 |

File size:
840.5 KB (860,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\whatsapp.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:rluNkpbQEW3JEHZAvW5AN0TNIIoInt+gztK1cuMFyMA5jNscTUqnXMz:rQUQpe5AvW5AWOJ91duyMAwcTU+

Entry address:
0xB1DA0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 1A, 4B, 00, E8, F0, 4F, F5, FF, A1, BC, A4, 4B, 00, 8B, 00, E8, 90, 6B, FB, FF, A1, BC, A4, 4B, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, AC, A5, 4B, 00, A1, BC, A4, 4B, 00, 8B, 00, 8B, 15, 20, 44, 49, 00, E8, 85, 6B, FB, FF, 8B, 0D, 2C, A6, 4B, 00, A1, BC, A4, 4B, 00, 8B, 00, 8B, 15, 3C, 15, 4B, 00, E8, 6D, 6B, FB, FF, A1, BC, A4, 4B, 00, 8B, 00, E8, E1, 6B, FB, FF, E8, 40, 28, F5, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
708 KB (724,992 bytes)

The file whatsapp.exe has been seen being distributed by the following 2 URLs.
