» whatsapptime.exe
Overview
Analysis
File Details
Behaviors (1)
Network (27)

whatsapptime.exe

WhatsappTime Trusted

The executable whatsapptime.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘whatsappTime’. While running, it connects to the Internet address 9d.45.37a9.ip4.static.sl-reverse.com on port 443.

File name:

whatsapptime.exe

Publisher:

WhatsappTime Trusted (signed and verified)

MD5:

2377ca4b5e07bc5882840d844470a075

SHA-1:

ec8244bba4b039e2c3705b204294494b5025fee2

SHA-256:

322c8098c74f65ecbc1ac6e916713bf881c70b2eb6b7c118e9b89d1f8c722774

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/23/2024 2:26:17 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.2.28.13

File size:

45.6 MB (47,818,144 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\whatsapptime\whatsapptime.exe

Digital Signature

Signed by:

WhatsappTime Trusted

Authority:

WhatsappTime Trusted

Valid from:

5/25/2016 5:16:37 PM

Valid to:

5/23/2026 5:16:37 PM

Subject:

CN="""WhatsappTIme Trusted""", O="""WhatsappTime Trusted""", S=Some-State, C=US

Issuer:

CN="""WhatsappTIme Trusted""", O="""WhatsappTime Trusted""", S=Some-State, C=US

Serial number:

00A60CF24083331D6D

File PE Metadata

Compilation timestamp:

1/14/2017 10:03:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x1C99451

Entry point:

E8, 9A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, B8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, B8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, B8, EC, 02, 02, 74, 21, 6A, 17, E8, C9, 2D, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75... 
[+]

Entropy:

6.8628

Code size:

34.9 MB (36,635,648 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

whatsappTime

Command:

C:\users\{user}\appdata\roaming\whatsapptime\whatsapptime.exe su

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to 2d.4a.37a9.ip4.static.sl-reverse.com (169.55.74.45:443)

TCP (HTTP):

Connects to a72-247-184-19.deploy.akamaitechnologies.com (72.247.184.19:80)

TCP (HTTP SSL):

Connects to b2.e0.559e.ip4.static.sl-reverse.com (158.85.224.178:443)

TCP (HTTP SSL):

Connects to ae.e0.559e.ip4.static.sl-reverse.com (158.85.224.174:443)

TCP (HTTP):

Connects to a184-86-201-168.deploy.static.akamaitechnologies.com (184.86.201.168:80)

TCP (HTTP SSL):

Connects to 9d.45.37a9.ip4.static.sl-reverse.com (169.55.69.157:443)

TCP (HTTP SSL):

Connects to server-54-230-202-169.fra50.r.cloudfront.net (54.230.202.169:443)

TCP (HTTP):

Connects to server-54-192-201-137.fra50.r.cloudfront.net (54.192.201.137:80)

TCP (HTTP):

Connects to ox-173-241-248-143.xf.dc.openx.org (173.241.248.143:80)

TCP (HTTP):

Connects to a72-247-184-27.deploy.akamaitechnologies.com (72.247.184.27:80)

TCP (HTTP):

Connects to a23-56-3-183.deploy.static.akamaitechnologies.com (23.56.3.183:80)

TCP (HTTP SSL):

Connects to 32.4a.37a9.ip4.static.sl-reverse.com (169.55.74.50:443)

TCP (HTTP SSL):

Connects to b0.e0.559e.ip4.static.sl-reverse.com (158.85.224.176:443)

TCP (HTTP):

Connects to ox-173-241-250-220.ca.dc.openx.org (173.241.250.220:80)

TCP (HTTP):

Connects to ox-173-241-250-143.ca.dc.openx.org (173.241.250.143:80)

TCP (HTTP):

Connects to ec2-54-193-65-113.us-west-1.compute.amazonaws.com (54.193.65.113:80)

TCP (HTTP):

Connects to ec2-54-183-82-138.us-west-1.compute.amazonaws.com (54.183.82.138:80)

TCP (HTTP):

Connects to a23-2-12-111.deploy.static.akamaitechnologies.com (23.2.12.111:80)

TCP (HTTP):

Connects to ec2-54-243-110-76.compute-1.amazonaws.com (54.243.110.76:80)

TCP (HTTP SSL):

Connects to ad.e0.559e.ip4.static.sl-reverse.com (158.85.224.173:443)

Remove whatsapptime.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.