» whatsapp.exe
Overview
Analysis
File Details
Downloads (2)

whatsapp.exe

The executable whatsapp.exe has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from whatsappgood.com and multiple other hosts.

File name:

whatsapp.exe

MD5:

ec6a04bbd6c18ea53f835d3bdd91c6cf

SHA-1:

2a394a9073a87be2f1db89914b1d3ce9a689e58d

SHA-256:

13661faeb004cef14529bf71275cc7e6fd12c801724214519e8d776dc0435ebd

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

11/30/2024 10:52:28 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Delf.Downloader.G

5813612

avast!

Win32:Banker-MPF [Trj]

160107-0

Dr.Web

Trojan.DownLoader18.1541

9.0.1.05190

Emsisoft Anti-Malware

Trojan.Delf.Downloader

10.0.0.5366

ESET NOD32

Win32/TrojanDownloader.Banload.WTT trojan

7.0.302.0

McAfee

Trojan.Artemis!EC6A04BBD6C1

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.2081.0

Norman

Trojan.Delf.Downloader.G

05.01.2016 05:35:50

File size:

771 KB (789,504 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\whatsapp.exe

File PE Metadata

Compilation timestamp:

6/19/1992 7:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:ImuWQ2AEITqHtHW5A6MRHLpoKaSfCMjiJ/6ZEZOS4sfTUqnyv:b3QRdstHW5A9XZzHZE9tfTU+y

Entry address:

0xA3974

Entry point:

55, 8B, EC, 83, C4, F0, B8, 0C, 36, 4A, 00, E8, 04, 33, F6, FF, A1, 58, C1, 4A, 00, 8B, 00, E8, 54, 95, FC, FF, A1, 58, C1, 4A, 00, 8B, 00, C6, 40, 5B, 00, 8B, 0D, 98, C2, 4A, 00, A1, 58, C1, 4A, 00, 8B, 00, 8B, 15, E4, DA, 49, 00, E8, 49, 95, FC, FF, 8B, 0D, D4, C2, 4A, 00, A1, 58, C1, 4A, 00, 8B, 00, 8B, 15, 88, 31, 4A, 00, E8, 31, 95, FC, FF, A1, 58, C1, 4A, 00, 8B, 00, E8, A5, 95, FC, FF, E8, 54, 0B, F6, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

650.5 KB (666,112 bytes)

The file whatsapp.exe has been seen being distributed by the following 2 URLs.

http://whatsappgood.com/.../index.php

https://app.sugarsync.com/wf/D3160589_735_478465657/getfile/.../WhatsApp.exe

Remove whatsapp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.