home

whatsappplus.exe

The executable whatsappplus.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application.
Version:
1.0.0.0

MD5:
31b2748257db16e00c0e7ed82a1764cc

SHA-1:
1761238af97ffbb80d3fd07ae55c89de9225b890

SHA-256:
c1f6f420d8043f74160340bacc1f9ecfe92123cd98b5a287a617e512bf057d1d

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/24/2024 3:45:31 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Trojan/Win32.Ba
2015.12.08

avast!
Win32:Malware-gen
2014.9-160106

Baidu Antivirus
Trojan.Win32.Banker
4.0.3.1616

Kaspersky
Trojan-Banker.Win32.BestaFera
14.0.0.858

Qihoo 360 Security
HEUR/QVM05.1.Malware.Gen
1.0.0.1077

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
685.5 KB (701,952 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\whatsappplus.exe

File PE Metadata
Compilation timestamp:
12/7/2015 1:01:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:XeYQDXEsbRQ9Br6BSZJ0HjI/iLK+VRTR:lm0sG9Z6IZJ0HjI/iLKmRTR

Entry address:
0x79AA4

Entry point:
55, 8B, EC, B9, 28, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, B8, 10, 4E, 47, 00, E8, 11, 0C, F9, FF, 33, C0, 55, 68, 01, A3, 47, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, 97, B0, FF, FF, 8D, 45, EC, 50, 8D, 45, E8, E8, 27, B1, FF, FF, 8B, 55, E8, 58, E8, 82, DE, F8, FF, 8B, 45, EC, B2, 01, E8, 00, 17, FA, FF, 84, C0, 0F, 85, D7, 07, 00, 00, E8, 9B, AC, F8, FF, B8, 74, 70, 48, 00, E8, 71, D0, F8, FF, BB, 14, 00, 00, 00, B8, 34, 00, 00, 00, E8, AA, AC, F8, FF, 8B, F0, 46, 8D, 45, E4, BA, 1C, A3, 47...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
486.5 KB (498,176 bytes)

The file whatsappplus.exe has been seen being distributed by the following URL.

http://cl.ly/1I0V0P0g2933/.../WhatsAppPlus.exe

Remove whatsappplus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.