installer_whatsapp_2_11_163_spanish.exe

Free Software LLC

The installer utilizes the installCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application installer_whatsapp_2_11_163_spanish.exe by Free Software has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from domseo.com.edgesuite.net and multiple other hosts.
Publisher:
Free Software LLC  (signed and verified)

MD5:
5d38c9a82d071b3dce1bec771ba6f049

SHA-1:
bab237b01116625380b3e30ce57d4588cc509fa8

SHA-256:
81aa97ad7d2e5c7e2a3cdd10f8c32cfa6513d33792351f37476b9157cef9d309

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 8:20:58 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | APPL/Downloader.Gen4 | 7.11.205.178 |
| avast! | Win32:PUP-gen [PUP] | 150126-0 |
| AVG | Generic | 2016.0.3216 |
| Clam AntiVirus | Win.Trojan.Vittalia-7 | 0.98/19988 |
| Comodo Security | TrojWare.Win32.Agent.IEXT | 20877 |
| Dr.Web | Trojan.Click3.9274 | 9.0.1.05190 |
| ESET NOD32 | Win32/Vittalia.R potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | AdWare.Win32.Vittalia | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.193.14786 |
| Malwarebytes | PUP.Optional.Vittalia | v2015.01.28.11 |
| McAfee | CryptVittalia | 5600.6872 |
| NANO AntiVirus | Trojan.Win32.Click3.decdqx | 0.30.0.65070 |
| Panda Antivirus | Generic Suspicious | 15.01.28.11 |
| Reason Heuristics | PUP.FreeSoftware | 15.1.28.11 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 36666 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.39630 | 2.0.0.2048 |

File size:
667.7 KB (683,712 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installer_whatsapp_2_11_163_spanish.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
8/1/2014 12:08:01 PM

Valid to:
7/22/2015 1:23:49 PM

Subject:
CN=Free Software LLC, O=Free Software LLC, L=Wilmington, S=Delaware, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27DD6AADCC34E6

File PE Metadata
Compilation timestamp:
8/6/2014 12:36:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:tTfTyMohF7EDXdBVOR25/dsKFhRp3rlGR0gbao:tTfTyMqFAXNtFp3rlGRh

Entry address:
0x1975B

Entry point:
E8, FA, CE, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, D7, 46, 00, E8, EF, 4D, 00, 00, E8, 8D, 28, 00, 00, 0F, B7, F0, 6A, 02, E8, 8D, CE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 7F, B0, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
362.5 KB (371,200 bytes)

The file installer_whatsapp_2_11_163_spanish.exe has been seen being distributed by the following 2 URLs.
