× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a5a3b465b1dcc6017f1b81f3ee9cc0e62f5678e269f7ace2cd4e0707c7913dd5
File name: Setup.exe
Detection ratio: 0 / 60
Analysis date: 2019-05-19 14:03:35 UTC ( 1 day, 12 hours ago )
Antivirus Result Update
Acronis 20190518
Ad-Aware 20190519
AegisLab 20190519
AhnLab-V3 20190519
Alibaba 20190513
ALYac 20190519
Antiy-AVL 20190519
APEX 20190518
Arcabit 20190519
Avast 20190519
Avast-Mobile 20190519
AVG 20190519
Avira (no cloud) 20190519
Babable 20190424
Baidu 20190318
BitDefender 20190519
Bkav 20190518
CAT-QuickHeal 20190519
ClamAV 20190519
CMC 20190321
Comodo 20190519
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190519
Cyren 20190519
DrWeb 20190519
Emsisoft 20190519
Endgame 20190403
ESET-NOD32 20190519
F-Prot 20190519
F-Secure 20190519
FireEye 20190519
Fortinet 20190519
GData 20190519
Ikarus 20190519
Sophos ML 20190313
Jiangmin 20190519
K7AntiVirus 20190519
K7GW 20190519
Kaspersky 20190519
Kingsoft 20190519
Malwarebytes 20190519
MAX 20190519
MaxSecure 20190518
McAfee 20190519
McAfee-GW-Edition 20190518
Microsoft 20190519
eScan 20190519
NANO-Antivirus 20190519
Palo Alto Networks (Known Signatures) 20190519
Panda 20190519
Qihoo-360 20190519
Rising 20190519
SentinelOne (Static ML) 20190511
Sophos AV 20190519
SUPERAntiSpyware 20190514
Symantec 20190518
Symantec Mobile Insight 20190516
TACHYON 20190519
Tencent 20190519
TheHacker 20190516
TotalDefense 20190519
Trapmine 20190325
TrendMicro 20190519
TrendMicro-HouseCall 20190519
Trustlook 20190519
VBA32 20190517
ViRobot 20190519
Webroot 20190519
Zillya 20190517
ZoneAlarm by Check Point 20190519
Zoner 20190518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2019 WhatsApp

Product WhatsApp
Original name Setup.exe
Internal name Setup.exe
File version 0.3.2848
Description WhatsApp
Signature verification Signed file, verified signature
Signing date 5:59 PM 4/11/2019
Signers
[+] WhatsApp, Inc
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 12:00 AM 04/02/2019
Valid to 12:00 PM 04/06/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 183EE7FE57E25C3A9FADAE084C3B142018EC3E4B
Serial number 06 6A D7 CF F0 00 A2 F8 65 C8 47 34 F6 16 DE F1
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 PM 10/22/2013
Valid to 12:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 12:00 AM 10/22/2014
Valid to 12:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 12:00 AM 11/10/2006
Valid to 12:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-06-19 23:29:23
Entry Point 0x0000A18C
Number of sections 6
PE sections
Overlays
MD5 35c04ea84045b2fcab3cbe158c3d9589
File type data
Offset 140080128
Size 9648
Entropy 7.23
PE imports
RegCreateKeyExW
GetTokenInformation
RegDeleteValueW
RegCloseKey
OpenProcessToken
GetUserNameW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryValueExW
InitCommonControlsEx
GetStdHandle
WaitForSingleObject
EncodePointer
GetFileAttributesW
VerifyVersionInfoW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetEvent
GetExitCodeProcess
OutputDebugStringW
FindClose
TlsGetValue
MoveFileW
SetLastError
LoadResource
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
lstrcmpiW
VerSetConditionMask
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
LocalFileTimeToFileTime
GetCurrentThreadId
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
InitializeCriticalSectionEx
RtlUnwind
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetTempFileNameW
CompareStringW
FindNextFileW
ResetEvent
FindFirstFileExW
GetTempPathW
CreateEventW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
WaitForSingleObjectEx
lstrlenW
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
FreeResource
IsValidCodePage
FindResourceW
CreateProcessW
GetOEMCP
VarUI4FromStr
SysFreeString
VariantClear
VariantInit
SysAllocString
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
PathIsUNCW
MessageBoxW
GetActiveWindow
LoadStringW
wsprintfW
CharNextW
ExitWindowsEx
DestroyWindow
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoCreateInstance
URLDownloadToFileW
Number of PE resources by type
RT_ICON 12
RT_GROUP_ICON 3
RT_STRING 2
RT_MANIFEST 1
FLAGS 1
DATA 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.3.2848.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
WhatsApp

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
139964928

SquirrelAwareVersion
1

EntryPoint
0xa18c

OriginalFileName
Setup.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2019 WhatsApp

FileVersion
0.3.2848

TimeStamp
2017:06:20 00:29:23+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup.exe

ProductVersion
0.3.2848

SubsystemVersion
6.0

OSVersion
6.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
WhatsApp

CodeSize
114176

ProductName
WhatsApp

ProductVersionNumber
0.3.2848.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 099cd3750fe3b0e305a4a303ffccfef4
SHA1 476f4a44778d625cf9d75b249f040b410cea4559
SHA256 a5a3b465b1dcc6017f1b81f3ee9cc0e62f5678e269f7ace2cd4e0707c7913dd5
ssdeep
3145728:nbRIbE0/yT74Ho4Xg/Gv4AsuQAk/Egkk3RnJn7fjO9zv6sDT:babE0/y+vX6IbsuG/Egj17fqNvD

authentihash 5e2a2bc3004e6289b42c1854259a69401d7e78b2bbaf7616cb1b3f812c2acfd6
imphash 87fc6516fba65969047534f1cda076d9
File size 133.6 MB ( 140089776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.7%)
OS/2 Executable (generic) (19.2%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2019-04-16 23:31:48 UTC ( 1 month ago )
Last submission 2019-04-17 10:38:33 UTC ( 1 month ago )
File names Setup.exe
WhatsAppSetup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!