allods_pl.exe

gPotator

Gala Networks Europe Ltd

This is a setup program which is used to install the application. The file has been seen being downloaded from file.gpotato.eu.
Publisher:
Gala Networks Europe Ltd  (signed and verified)

Product:
gPotator

Version:
1.0.0.1

MD5:
dd556ab7925f4ee5493e50c3f6777f03

SHA-1:
8a95c0cff502c03f50adc3c866a2f7e127144205

SHA-256:
6353205c60e13fdbd0519665c0f0301db879964867aa70f3299e13af957ca911

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 12:37:59 AM UTC  (today)

File size:
678.8 KB (695,128 bytes)

Product version:
1.0.1.0

Original file name:
GPotator.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\allods_pl.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/25/2011 1:25:53 PM

Valid to:
2/18/2014 5:02:49 PM

Subject:
CN=Gala Networks Europe Ltd, OU=IT, O=Gala Networks Europe Ltd, L=Dublin, S=Leinster, C=IE

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27FD010033CA57

File PE Metadata
Compilation timestamp:
6/19/2012 10:46:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:vcgjyQWmkcoQR6INEcsvuGQ2FODd9auJob2wRObvYODkDn9yen1XXXXXXXXXXXXr:4QhR6IGFqd9auyObvYwkDUenWi

Entry address:
0x2C315

Entry point:
E8, 7F, 78, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 10, D9, 47, 00, 75, 02, F3, C3, E9, 01, 79, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, B5, 40, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 14, 13, 00, 00, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74, DC, 56, 89, 45, E8, 89, 45, E0, 8D, 45, 10, 50, 53, FF, 75, 0C, 8D, 45, E0, 50, C7, 45, E4, FF, FF, FF, 7F, C7, 45, EC, 42, 00, 00, 00, E8, 5E, 7B, 00, 00, 83, C4, 10, FF, 4D, E4, 8B, F0, 78, 07, 8B, 45, E0...
 
[+]

Code size:
395.5 KB (404,992 bytes)

The file allods_pl.exe has been seen being distributed by the following URL.

Scan allods_pl.exe - Powered by Reason Core Security