whatsapptime.exe

WTApps

The executable whatsapptime.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘whatsappTime’. This file is typically installed with the program WhatsappTime - Whatsapp for Desktop by WhatsappTime. While running, it connects to the Internet address upload-lb.esams.wikimedia.org on port 443.
Publisher:
WTApps  (signed and verified)

MD5:
0b0fcaf6183122cd97bbc0d6f35b0973

SHA-1:
c77a41741856838b69052b54f7ade414357b1722

SHA-256:
b2e2f5e17f20bbdf8f108fea6c43722c27e448e1f145d8baa53614c879ef8754

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 6:11:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.8.2.14

File size:
45.8 MB (48,021,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\whatsapptime\whatsapptime.exe

Digital Signature
Signed by:

Authority:
WTApps

Valid from:
9/9/2015 2:30:36 PM

Valid to:
9/6/2025 2:30:36 PM

Subject:
CN=WTApps, O=WTApps, S=Some-State, C=US

Issuer:
CN=WTApps, O=WTApps, S=Some-State, C=US

Serial number:
00820714628B1C1CC8

File PE Metadata
Compilation timestamp:
3/5/2015 9:21:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:iLJmRGIXff9keaayimwJZHM3SD3K4mNCesWePrumsEUF0pfNUSh:itmRGIXff923imwJZMCDVVesWewFGUG

Entry address:
0x1C996D1


Entropy:
6.8752

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
whatsappTime

Command:
C:\users\{user}\appdata\roaming\whatsapptime\whatsapptime.exe su


The file whatsapptime.exe has been discovered within the following program.

About 7% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

