whosyourdaddy.exe

Cilap

Morava Group

The application whosyourdaddy.exe, “Cilap Setup”, by Morava Group has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.appsfilessafe.com and multiple other hosts.
Publisher:
Morava Group (signed and verified)

Product:
Cilap

Description:
Cilap Setup

MD5:
ba94af715a524c812768307f14faa3ea

SHA-1:
d3fb5c992a23a61f8a8c643d458261fec6fe6452

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/26/2024 2:43:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore.MoravaGr.Installer (M)

Engine version:
16.5.14.1

File size:
925.9 KB (948,152 bytes)

Product version:
3.7.3

Copyright:
Fast Internet

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\whosyourdaddy.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
3/7/2016 2:28:01 AM

Valid to:
3/8/2017 2:28:01 AM

Subject:
CN=Morava Group, O=Morava Group, L=Towson, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A83F14C1C6D435814D1A4B9EC949DB5C

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:PH9a0YfN12k11Me/htysP9NLE/MJmPh6L:PRYfN124yghtJDLyMJmh6L

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9339

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file whosyourdaddy.exe has been seen being distributed by the following 50 URLs.
