Gridinsoft Logo
File Icon

The whats.exe (Setup Application) File Analysis

Technical Analysis

File Name whats.exe
File Type
Win32 EXE
Magic Bytes PE32+ executable (GUI) x86-64, for MS Windows
SSDEEP Hash
196608:CNESzoOoT8GyziDMqM4mUFBgFzBQDjMPDt7xqxWM/QstP4imicl69ppdJWs4dJ2k:sfz68FEeIgajMCxLQstIifHd4s4T2k
Scanner Version 1.0.177.174
Database Version 2024-05-26 11:00:34 UTC

Suspicious File Detected

Detected by 37 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
51%
Detection Rate
12,652,232
File Size (bytes)
37/72
Engines Detected
2024-05-26
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
ff9ad3e1150b2a99335ab5e295513062
SHA1
9ef477c731e01214f76e4f6161b2b09d92c4fc33
SHA256
b3f70a8027e35c91ad1a18f7176a29f755bba27b20ace5159e5b784c7dab4443
SHA512
5ffd609ba0e0d9b6b3aa029eca7083a1fce286a4f3db1dfefb114e48d33ce16fb1e53834c19a83c5909a1e71aa5f1668ac2760516770517805654397684b533b
ImpHash
6323d82b808d068b6ab4eaefb7c2594a

Security Engines with Detections (37 of 72)

Bkav
W32.Common.848213C6 Malicious
Lionic
Trojan.Win32.BadUpdate.b!c Malicious
AVG
Win64:Malware-gen Malicious
MicroWorld-eScan
Trojan.Generic.35913760 Malicious
CAT-QuickHeal
Trojandropper.Badupdate Malicious
ALYac
Trojan.Generic.35913760 Malicious
Zillya
Dropper.BadUpdate.Win32.21 Malicious
Alibaba
TrojanDropper:Win32/BadUpdate.b80e42c4 Malicious
Paloalto
generic.ml Malicious
Symantec
ML.Attribute.HighConfidence Malicious
ESET-NOD32
Win32/Agent.AFUG Malicious
Avast
Win64:Malware-gen Malicious
Kaspersky
Trojan-Dropper.Win32.BadUpdate.fv Malicious
BitDefender
Trojan.Generic.35913760 Malicious
Tencent
Malware.Win32.Gencirc.11bec4ba Malicious
Emsisoft
Trojan.Generic.35913760 (B) Malicious
F-Secure
Trojan.TR/Agent.rdwoo Malicious
VIPRE
Trojan.Generic.35913760 Malicious
McAfeeD
ti!B3F70A8027E3 Malicious
FireEye
Trojan.Generic.35913760 Malicious
Sophos
Mal/Generic-S Malicious
Ikarus
Trojan.Agent Malicious
GData
Trojan.Generic.35913760 Malicious
Jiangmin
Trojan.Agent.dsze Malicious
Varist
W64/ABRisk.EZLT-4801 Malicious
Avira
TR/Agent.rdwoo Malicious
MAX
malware (ai score=87) Malicious
Arcabit
Trojan.Generic.D2240020 Malicious
ZoneAlarm
Trojan-Dropper.Win32.BadUpdate.fv Malicious
Microsoft
Trojan:Win32/Wacatac.B!ml Malicious
Google
Detected Malicious
VBA32
TrojanDropper.BadUpdate Malicious
Panda
Trj/Chgt.AD Malicious
Rising
Trojan.MalCert!1.F9F7 (CLASSIC) Malicious
Fortinet
W32/Agent.AFUG!tr Malicious
DeepInstinct
MALICIOUS Malicious
alibabacloud
Trojan:Win/Agent.A#WW Malicious
35 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: cb7b3d431a3107c87fe45296e8df5286
Fuzzy: a79372feadc19d689821a88fe1cbc4aa
dHash: 8c3349d8d46c3488
Image Base 0x140000000
Entry Point 0x140002d0c
Compilation Time 2011-07-26 19:25:48
Checksum 0x00c16840 (Actual: 0x00c16840)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature OK
Imports 4 libraries
KERNEL32, USER32, ADVAPI32, SHELL32
Exports 0 functions
Resources 12 Resources
Sections 6 Sections

Version Information

Comments Created with Setup Factory
FileDescription Setup Application
FileVersion 9.0.3.0
InternalName suf_launch
LegalCopyright Setup Engine Copyright © 2004-2011 Indigo Rose Corporation
LegalTrademarks Setup Factory is a trademark of Indigo Rose Corporation.
OriginalFilename suf_launch.exe
ProductName Setup Factory Runtime
ProductVersion 9.0.3.0
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 25,027 bytes 25,088 bytes 6.24 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 8A942E696A47723F5A85647143942537
.rdata 0x00008000 14,664 bytes 14,848 bytes 4.72 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E58B99DB2AAB60A2F9695C0381BF5BBE
.data 0x0000c000 8,704 bytes 4,096 bytes 2.24 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9DDBC78EE2D859A7EB37E5BA77FD5C46
.pdata 0x0000f000 1,488 bytes 1,536 bytes 4.22 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 9F1B44A2928B47CB96F4727433B95661
.rsrc 0x00010000 300,884 bytes 301,056 bytes 3.49 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ D38C48002DD023129A2259B144F58174
.reloc 0x0005a000 990 bytes 1,024 bytes 3.55 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3E80CB8268ADC697616A87179E434AE9

Resource Analysis

Total Resources: 12 (300,191 bytes)
Resource Type Count Total Size Percentage
RT_ICON 9 298,024 bytes
99.3%
RT_GROUP_ICON 1 34 bytes
0%
RT_VERSION 1 992 bytes
0.3%
RT_MANIFEST 1 1,141 bytes
0.4%

Certificate Chain Analysis

Certificate Information
Product Setup Factory Runtime
Description Setup Application
File Version 9.0.3.0
Original Name suf_launch.exe
Signing Date 02:12 AM 05/10/2024 (451 days ago)
Verification Status Signed
Signers F.Mountain South Sea Xuaezio Tour Trade Co., Ltd.; GlobalSign GCC R45 EV CodeSigning CA 2020; GlobalSign Code Signing Root R45
Counter Signers Globalsign TSA for CodeSign1 - R6 - 202311; GlobalSign Timestamping CA - SHA384 - G4; GlobalSign Root CA - R6
Internal Name suf_launch
Copyright Setup Engine Copyright © 2004-2011 Indigo Rose Corporation
Certificate Chain Summary
COMODO Time Stamping Signer #1 Primary
Validity Period: 2010-05-10 00:00:00 → 2015-05-10 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 47 8A 8E FB 59 E1 D8 3F 0C E1 42 D2 A2 87 07 BE
Indigo Rose Software Design Corporation #2 Chain
Validity Period: 2011-03-01 00:00:00 → 2014-02-28 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 73 6F 48 4C 38 26 9B F8 C4 42 73 1C 1F AC A3 ED
GlobalSign GCC R45 EV CodeSigning CA 2020 #3 Chain
Validity Period: 2020-07-28 00:00:00 → 2030-07-28 00:00:00
Signature Algorithm: sha256RSA
Serial Number: 77 BD 0E 05 B7 59 0B B6 1D 47 61 53 1E 3F 75 ED
F.Mountain South Sea Xuaezio Tour Trade Co., Ltd. #4 Chain
Validity Period: 2024-03-19 08:32:27 → 2025-03-20 08:32:27
Signature Algorithm: sha256RSA
Serial Number: 2E A4 2D 1D 92 D6 57 F6 10 1F CD DC
Globalsign TSA for CodeSign1 - R6 - 202311 #5 Chain
Validity Period: 2023-11-07 17:13:40 → 2034-12-09 17:13:40
Signature Algorithm: sha256RSA
Serial Number: 01 9B EA DE C8 4D 6B 8F F7 6C 3A 9F 2E 01 24 16
GlobalSign Timestamping CA - SHA384 - G4 #6 Chain
Validity Period: 2018-06-20 00:00:00 → 2034-12-10 00:00:00
Signature Algorithm: sha384RSA
Serial Number: 01 EC 1C 92 40 DE FD 2E 40 5D 7C 47 74
GlobalSign #7 Chain
Validity Period: 2014-12-10 00:00:00 → 2034-12-10 00:00:00
Signature Algorithm: sha384RSA
Serial Number: 45 E6 BB 03 83 33 C3 85 65 48 E6 FF 45 51

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
37 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware