faststone_capture_portable_multiversion_en_online.exe

FastStone Capture Portable

PortableAppZ.blogspot.com

The executable faststone_capture_portable_multiversion_en_online.exe has been detected as malware by 37 anti-virus scanners. It is a setup program used to install the application. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from s34.filefactory.com.
Publisher:
PortableAppZ.blogspot.com

Product:
FastStone Capture Portable

Version:
0.0.0.0

MD5:
3bb17ad6b355acb621d3e793903e9687

SHA-1:
6ea0d6f27e466580463668df795a5f02cd7f9420

SHA-256:
f8d584a1820e820c05c30e28229ae9e0d3a14e00b5510d027ab488ee5054dff0

Scanner detections:
37 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
2/26/2025 12:35:46 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 5728603
Agnitum Outpost | Win32.Sality.BL | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2015.11.06
Avira AntiVirus | W32/Sality.AT | 7.11.30.172
Arcabit | Win32.Sality.3 | 1.0.0.590
avast! | SaliCode | 151028-1
AVG | Win32/Sality | 2015.0.4355
Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15116
Bitdefender | Win32.Sality.3 | 1.0.20.1550
Bkav FE | W32.Sality.PE | 1.3.0.7383
Comodo Security | Virus.Win32.Sality.gen | 23539
Dr.Web | Win32.Sector.30 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 5.15.21
G Data | Win32.Sality | 15.11.25
IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.9.5.0
K7 AntiVirus | Virus | 13.212.17767
Kaspersky | Virus.Win32.Sality | 15.0.0.562
McAfee | Trojan.Artemis!8394BD6A6A81 | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.209.1783.0
MicroWorld eScan | Win32.Sality.3 | 16.0.0.930
NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.26.4437
Norman | Win32.Sality.3 | 07.10.2015 03:16:12
nProtect | Virus/W32.Sality.D | 15.11.06.01
Panda Antivirus | W32/Sality.AA | 15.11.06.07
Quick Heal | W32.Sality.U | 11.15.14.00
Rising Antivirus | PE:Virus.Sality!1.A09C [F] | 23.00.65.151104
Sophos | Virus 'Mal/Sality-D' | 5.20
Total Defense | Win32/Sality.AA | 37.1.62.1
Trend Micro House Call | PE_SALITY.RL | 7.2.310
Trend Micro | PE_SALITY.RL | 10.465.06
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.4
VIPRE Antivirus | Threat.4721115 | 45020
ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Sality.Win32.25 | 2.0.0.2496

File size:
647.3 KB (662,822 bytes)

Product version:
0.0.0.0

Copyright:
Bernat

Trademarks:
PortableAppZ is a Trademark of Bernat

Original file name:
FSCapturePortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\faststone_capture_portable_multiversion_en_online.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QpCZemronfb4DdH2SCYsXsy4j8rGZCnsLR/svxrypb10qtI5U6ffIhr:QpCGfbMdH7hjj8CZb90pyYqtH2ar

Entry address:
0x323C

Entry point:
69, FD, C4, C3, 62, 11, 87, E8, 81, C0, 11, B9, 8A, 29, FF, C7, 8B, CA, 85, CF, 0C, 96, 86, FD, 0F, BF, D8, 85, EB, 0F, AF, EE, 81, EB, C3, BE, F1, CD, E8, 00, 00, 00, 00, 2B, C0, 85, F8, F6, C6, 50, EB, 07, FE, C9, 85, D7, 80, FF, A4, FE, CE, FE, C9, 05, 10, 0E, 00, 00, 0F, BF, D1, 81, F9, FD, AC, AA, FF, 2D, 0F, 0E, 00, 00, 86, FB, 69, EA, E0, 46, 44, 43, 0F, AF, D3, 0F, AF, CB, 0F, B7, E9, 69, F0, 64, 05, FC, 19, 89, F6, BB, 51, C3, 22, 69, 3D, F1, 07, 00, 00, 0F, 8C, B2, FF, FF, FF, 5B, 76, 03, F2, 12...

Entropy:
7.9479  (probably packed)

Code size:
23 KB (23,552 bytes)

The file faststone_capture_portable_multiversion_en_online.exe has been seen being distributed by the following URL.