whatsapp.exe

Sambamedia SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application whatsapp.exe by Sambamedia SL has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from downloads.gufile.com.
Publisher:
Sambamedia SL  (signed and verified)

MD5:
c67fa4dbc065c4ee8a2f2db9169b8218

SHA-1:
31a90436b9986cac92b20823cc6d727110367e0a

SHA-256:
78aea712d7e89c7c79b1a7a1a9302a4b0ae0b7212b0a2079f3e55b13b1f7fc5e

Scanner detections:
9 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/9/2024 12:58:58 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Softpulse.Gen8 | 7.11.170.170 |
| AVG | Win32/DH{gRJ+UIEHeVRPFVGBFYEJHFOBE0GBDw} | 2015.0.3363 |
| ESET NOD32 | Win32/SoftPulse (variant) | 8.10359 |
| IKARUS anti.virus | PUA.SoftPulse | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.09.03.08 |
| McAfee | SoftPulse | 5600.7019 |
| Norman | Malware | 11.20140903 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.03.08 |
| Reason Heuristics | PUP.SambamediaSL.I | 14.9.3.8 |

File size:
1.2 MB (1,264,760 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\whatsapp.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/28/2014 4:13:17 PM

Valid to:
4/29/2015 4:13:17 PM

Subject:
E=contact@sambamediasl.com, CN=Sambamedia SL, O=Sambamedia SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A6F5CA8560763435DF885221AE3B200F

File PE Metadata
Compilation timestamp:
9/2/2014 4:34:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NAGDeJQ0CY1T9/ZUC7NfRxFpdkffH2u5pZMcsw:iXTAUPxmffHtH

Entry address:
0x720F

Entry point:
E8, A9, 29, 00, 00, E9, 7F, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A8, A1, 41, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 6A, 03, E8, 27, 29, 00, 00, 59, 83, F8, 01, 74, 15, 6A, 03, E8, 1A, 29, 00, 00, 59, 85, C0, 75, 1F, 83, 3D, F8, B2, 41, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 31, 00, 00, 00, 68, FF, 00, 00, 00, E8, 27, 00, 00, 00, 59, 59, C3, 55, 8B, EC, 8B, 4D, 08, 33...
 

Code size:
66 KB (67,584 bytes)

The file whatsapp.exe has been seen being distributed by the following URL.
