whatsapp.exe

XL-II relaxo officium postea clam

repetitio qui cunabula horum

The application whatsapp.exe, “comprovincialis abstergo disco sane”, has been detected as a potentially unwanted program by 11 anti-malware scanners. It is a setup program used to install the application. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from get.leadersrepo.com and multiple other hosts.
Publisher:
repetitio qui cunabula horum

Product:
XL-II relaxo officium postea clam

Description:
comprovincialis abstergo disco sane

Version:
5.35.82.24

MD5:
0dcfef603323c57d0f9a75b79e484091

SHA-1:
73bce33074f732093cf613c2e5776df362d501e7

SHA-256:
edf2644dbf6c6e0a7e11cb09af06c0c04f89dfe612b7050e3eed889feb127bad

Scanner detections:
11 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
1/12/2025 10:31:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AegisLab AV Signature | Application.Downloader | 2.1.4+ |
| Avira AntiVirus | APPL/Firseria.Gen8 | 7.11.177.244 |
| avast! | Win32:Adware-gen [Adw] | 141003-0 |
| AVG | Adware BundleApp_r.AV | 2014.0.4037 |
| Comodo Security | Application.Win32.Solimba.LSW | 19791 |
| Dr.Web | Adware.Downware.8763 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 7.0.302.0 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.494 |
| NANO AntiVirus | Trojan.Win32.Morstar.dgkzig | 0.28.2.62671 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |

File size:
523.2 KB (535,807 bytes)

Product version:
67.19.86.63

Copyright:
Copyright certo periculosus maero

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\whatsapp.exe

File PE Metadata
Compilation timestamp:
10/13/2014 9:30:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:OdoXLrF5LfTka2HiRP2VbBqVxUIR+C8sOmf3fyKElW:OdobDfTJPQbBGUIR3Df3fb3

Entry address:
0xDE9C

Entry point:
E8, A5, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 76, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 38, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7028

Packer / compiler:
PEQuake V0.06

Code size:
113.5 KB (116,224 bytes)

The file whatsapp.exe has been seen being distributed by the following 2 URLs.
