home

whatsapp.exe

Stepan Rybin

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application whatsapp.exe by Stepan Rybin has been detected as adware by 25 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Stepan Rybin  (signed and verified)

MD5:
0af130e94fe56e2fe6fd3b3507bb12aa

SHA-1:
fc6bef1bd6501ccfe39e22d323c3adbf5b3cc260

SHA-256:
59e176245ba36fc25b28dc7c31483dd753a2c6c78587e1ddd0ac05491e0b42bf

Scanner detections:
25 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 1:09:14 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.MPLug.35
5774621

Agnitum Outpost
PUA.MultiPlug
7.1.1

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.04.29

Avira AntiVirus
PUA/MultiPlug.11245
3.6.1.96

avast!
Win32:PUP-gen [PUP]
150319-1

AVG
Adware Generic6.ACHO
2014.0.4311

Bitdefender
Gen:Variant.Adware.MPLug.35
1.0.20.590

Comodo Security
Application.Win32.MultiPlug.VD
21926

Dr.Web
Trojan.Crossrider1.22656
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.MPLug.35
9.0.0.4799

ESET NOD32
Win32/Adware.MultiPlug.HN (variant)
9.11546

Fortinet FortiGate
Riskware/MultiPlug
4/28/2015

F-Prot
W32/S-019fe136
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.MPLug
5.13.68

G Data
Gen:Variant.Adware.MPLug.35
15.4.25

K7 AntiVirus
Unwanted-Program
13.203.15737

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug
15.0.0.543

McAfee
Program.MultiPlug-FXE
16.8.708.2

Microsoft Security Essentials
Threat.Undefined
1.197.813.0

MicroWorld eScan
Gen:Variant.Adware.MPLug.35
16.0.0.354

NANO AntiVirus
Riskware.Win32.MultiPlug.dpxoxp
0.30.24.1357

Reason Heuristics
PUP.WebPick.StepanRybin
15.4.28.16

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.15426

Sophos
PUA 'MultiPlug' (of type Adware)
5.13

Vba32 AntiVirus
suspected of Heur.Malware-Cryptor.Multiplug
3.12.26.3

File size:
452.2 KB (463,048 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\{8bce706b-d11a-ec59-8bce-e706bd11c1af}\whatsapp.exe

Digital Signature
Signed by:
Stepan Rybin

Authority:
Unizeto Technologies S.A.

Valid from:
6/27/2014 1:37:40 AM

Valid to:
6/27/2015 1:37:40 AM

Subject:
E=rybin.step@yandex.ru, CN=Stepan Rybin, O=Stepan Rybin, C=UA

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
47154C2151E9EB8DFA42C2C9E45BFC6C

File PE Metadata
Compilation timestamp:
7/26/2013 10:34:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:xHdi4oCggCOd7VnoDa7x6si+4iUsvmqxtA0g/IfTcCoMuPj/wfOuEBiprsv:Rdi4UgzVno4x6bQm4t08/Kv

Entry address:
0x4098B

Entry point:
E8, E6, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, B2, 44, 00, E8, EF, 17, 00, 00, E8, B3, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, 79, 12, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 28, 02, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.3936

Code size:
278.5 KB (285,184 bytes)

User Start Menu Item
Name:
WhatsApp(1).exe


Remove whatsapp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.