» whatpulse.exe
Overview
Analysis
File Details
Behaviors (1)

whatpulse.exe

WhatPulse

GeoTrust Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WhatPulse’.

File name:

whatpulse.exe

Publisher:

GeoTrust Inc. (signed and verified)

Product:

WhatPulse

Version:

2.7b1

MD5:

56d9892824a537e63e476fa61b5dda97

SHA-1:

5ceeb233fef4a3ef3badf52c8e8179260eda8d69

SHA-256:

f5cc1a1ee85bf1fe444fbacff2cb51c42ba00d24f8f01993566bf7b2d08ef9ae

Scanner detections:

15 / 68

Status:

Clean (15 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/25/2024 2:34:00 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Runouce-E [Trj]

2014.9-160108

Clam AntiVirus

WIN.Worm.Brontok

0.98/20684

Comodo Security

EmailWorm.Win32.Runonce.~v001

22752

Dr.Web

infected with JS.Nimda

9.0.1.08

ESET NOD32

Win32/Chir.C virus

10.7.0.302.0

Fortinet FortiGate

W32/Chir.C!tr

1/8/2016

F-Prot

W32/Thecid.B@mm

v6.4.6.5.141

IKARUS anti.virus

Email-Worm.Win32.Runouce

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.205.16537

Microsoft Security Essentials

Threat.Undefined

1.201.1583.0

NANO AntiVirus

Trojan.Win32.Nimda.dnmrwl

0.30.24.2487

Panda Antivirus

Generic Malware

16.01.08.11

Sophos

Virus 'W32/Patched-I'

5.15

VIPRE Antivirus

Threat.4726526

41608

Zillya! Antivirus

Worm.RunOnce.Win32.2

2.0.0.2284

File size:

3.6 MB (3,820,544 bytes)

Product version:

2.7b1

Original file name:

whatpulse.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\whatpulse2\whatpulse.exe

Digital Signature

Signed by:

GeoTrust Inc.

Authority:

GeoTrust Inc.

Valid from:

8/29/2014 11:39:32 PM

Valid to:

5/20/2022 11:39:32 PM

Subject:

CN=RapidSSL SHA256 CA - G3, O=GeoTrust Inc., C=US

Issuer:

CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

Serial number:

023A77

File PE Metadata

Compilation timestamp:

12/31/2015 4:49:09 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:wQyTkSwB2OjXLNjGpxDIwwInT4O42/5JFfS:5ztGncwx4O4IdfS

Entry address:

0x195F39

Entry point:

E8, 00, 06, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, 97, 6C, 00, E8, 11, 02, 00, 00, 33, F6, 89, 75, E4, 89, 75, E0, FF, 15, CC, 92, 5C, 00, 0F, B7, D8, 89, 75, FC, 64, A1, 18, 00, 00, 00, 8B, 50, 04, 8B, FE, BE, 84, 9B, 6E, 00, 8B, CA, 33, C0, F0, 0F, B1, 0E, 85, C0, 74, 0B, 3B, C2, 75, F0, 33, F6, 46, 8B, FE, EB, 03, 33, F6, 46, 39, 35, 88, 9B, 6E, 00, 75, 0A, 6A, 1F, E8, 3A, 04, 00, 00, 59, EB, 3B, 83, 3D, 88, 9B, 6E, 00, 00, 75, 2C, 89, 35, 88, 9B, 6E, 00, 68, 24, B9, 5C, 00, 68, 10, B9, 5C, 00, E8... 
[+]

Code size:

1.8 MB (1,865,216 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

WhatPulse

Command:

"C:\Program Files\whatpulse2\whatpulse.exe"

Scan whatpulse.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.