gallery.exe

The executable gallery.exe has been detected as malware by 32 anti-virus scanners. The file has been seen being downloaded from www.capitalheartlaboratory.com and multiple other hosts.
MD5:
9ab5696c564016ed77d4126abd3d33cc

SHA-1:
9db1295ee505f85af753b1d364ea682e59777c5b

SHA-256:
0cf264a2210c6e68facb98bc2ca92016613357cb23a18e1196479d5c43fc7eff

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
11/24/2024 2:27:36 PM UTC (the engine versions listed below date from November 2015, so the detection names reflect signatures of that time)

Scan engine                    Detection                        Engine version
Agnitum Outpost                Trojan.KillFiles                 7.1.1
Avira AntiVirus                W32/Delf                         7.11.112.250
avast!                         Win32:Delf-TJJ [Trj]             2014.9-151128
AVG                            Delf                             2016.0.2912
Baidu Antivirus                Trojan.Win32.KillFiles           4.0.3.151128
Bitdefender                    Trojan.Generic.8698094           1.0.20.1660
Bkav FE                        W32.OnGameERALXAAC.Trojan        1.3.0.4415
Clam AntiVirus                 Win.Trojan.Delf-1715             0.98/18155
Comodo Security                TrojWare.Win32.Agent.QJF         17255
Dr.Web                         Win32.HLLC.Shortcut.origin       9.0.1.0332
Emsisoft Anti-Malware          Trojan.Generic.8698094           8.15.11.28.09
ESET NOD32                     Win32/Delf.QJF                   9.9034
Fortinet FortiGate             W32/Renamer.BQT!tr               11/28/2015
F-Secure                       Trojan.Generic.8698094           11.2015-28-11_7
G Data                         Trojan.Generic.8698094           15.11.22
IKARUS anti.virus              Trojan-Dropper.Delf              t3scan.2.0.127
Kaspersky                      Trojan.Win32.KillFiles           14.0.0.1053
McAfee                         Generic-FAEK!9AB5696C5640        5600.6568
Microsoft Security Essentials  Trojan:Win32/Soriam.A            1.163.1557.3
MicroWorld eScan               Trojan.Generic.8698094           16.0.0.996
NANO AntiVirus                 Trojan.Win32.KillFiles.bbxdhn    0.26.0.56179
Norman                         Renamer.M                        11.20151128
nProtect                       Worm/W32.FileInfector.533504     13.11.11.01
Quick Heal                     W32.Soriam.A                     11.15.12.00
Rising Antivirus               Trojan.Win32.Renamer.g           23.00.65.151126
Sophos                         W32/Renamer-K                    4.94
SUPERAntiSpyware               Trojan.Agent/Gen-Delf            9480
Total Defense                  Win32/Tapi.C                     37.0.10498
Trend Micro House Call         TROJ_AGENT_011979.TOMB           7.2.332
Trend Micro                    TROJ_AGENT_011979.TOMB           10.465.28
Vba32 AntiVirus                Trojan.Delf                      3.12.24.3
VIPRE Antivirus                Trojan.Win32.Generic             23278

File size:
521 KB (533,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\gallery.exe

File PE Metadata
Compilation timestamp:
10/13/2000 1:27:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:lL8ozML5h8Sxm1IzGUG+v2+7g7QYvwf4gzv4gg+:DAf8Sxm1ISUZv2+CLvwBj0+

Entry address:
0x71814

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, C0, 0C, 47, 00, E8, 43, 5A, F9, FF, 8B, 1D, 30, 43, 47, 00, 8B, 03, E8, C2, 6F, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, F7, 8C, FE, FF, 8B, 0D, 5C, 42, 47, 00, 8B, 03, 8B, 15, 8C, 09, 47, 00, E8, B8, 6F, FE, FF, 8B, 0D, 68, 43, 47, 00, 8B, 03, 8B, 15, 48, 04, 47, 00, E8, A5, 6F, FE, FF, 8B, 03, E8, 1E, 70, FE, FF, 5B, E8, C0, 38, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5946

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner; linker version 2.25, the push ebp / mov ebp,esp / add esp,-10h prologue at the entry point and the "Delf" detection names above are characteristic of a Borland Delphi build, so treat the compiler attribution with caution)

Code size:
450.5 KB (461,312 bytes)

The file gallery.exe has been seen being distributed by 12 URLs, including the following.

http://www.capitalheartlaboratory.com/TjRuvaImeRM6DM6g9xCZANOPtApfj2SGgrC_5ri0mt7F7obvVgHYkgJYGNFiHV56YslVWKM6NmEOMPw5mtW3xOiyHo1y6047aqR2ISTg6njxVCLfxootrRRTwpnzCdst48s1Y5er5QZuHmksG2uh7JBAeD3p7mYxo7j7iaeCIi1I6EQsTH2W4BOQAYWf58l1cPU6NN6wzvfMHgwZ00ioMDlhR5OqFdWLxToCoH5WtEASiJyZQDFajohEnvzIHkBcihBtNFLfPODwanP0VLQqK0i8PW1 6f2uryBdvL9O3xwkcCkeQSph292Bo9UfI703f4IMOJPZkH4LK 0SKH5G6jjHo2QbTfvX3Pa10V8EaiyHQEkhMLOcucASQc24TQeHWSo_kSfvJ32289jrhOpcXya4fiZBtSb r 441irqmY875b85IWU=-GzwAAMQphxYEHSkIvm_RwSEHDu1BoIElEOyAjdkVB298m_ZKKByMQBMTKqr6Bn4D-e

http://www.capitalheartlaboratory.com/9NeUhZNeehUY4VhW_T4O6cS0rSiGoz7t 7LLIVF2mNPYbTxOX8JPxpYM6 6gFGCdFXUf7d_fxe5OkWzn4Tpp8lDVc4VVJMY9Zq2wGFpm6EFPeP7iYE_isF6FBWf5iVIV_g8ffKF6GAyX__9AAtyWdFkk06DHnEhK3gKt5ojTtKWeXuO2HGFZceivR MQNy6N30R4nFEu37ocwBvmdAK7Rw5lANSgwa4CnfCmJin oOmlrkWMHUZa2dk3fum7o4z69k7UlsXnCxlF36No 5WcFSoHLdpF2URo4Q BjrBZaVXo4TWQxaSpaGqjSB3CP5PQYmqCuOj1pUzyLpvweZ7tKSa6tBV86gEghSE37wr7fp7lYAu8R mHuoga4tUT8V1dX7UHkQL FJx0AMGi4QYdXzxY0wnJ Q==-ixGAaHR0cDovL3d3dy5jYWRrYXMuY29tL3BkZnJlYWRlciEuZXhlAw==-e

http://www.karaoke5.com/karaoke5.exe

http://www.capitalheartlaboratory.com/v7J4nVi3xONvPNeoaOyUWU0F6p_zVPXEQ5lvk2w8QNHpWuRoVs26LTm03j4g1LsEWo2 ic4XOv9deXQxFueW0qj7ObMPFBUgL80mAm_uB5tr1bHrP7GMp8NlkYF1HZkjYyfrQjnk0aFF_HZPLwTgwMjkZxI26k3QTQ0tL5vDd8HsWRgP8ijIFxhX9lmXJR 5lvXmDwl01nuomyPcDkOYFep3MfijMwVNQoAJlZZ6GFlFShC_IXEcrjP0xoH1fvh84D3qCpmdzb0Zbc_CGqaFeV_QLzw0MSCIEwg6_hSMdXDvtO4cqI0EgHqWvqGGVwNjO5skyxiRN9EzLgAARRREm5g_W4qXh7KKyunr5gAnuZ8LQXDSd9BjtOONyxOsqk7zcisGG4kKgUjBL4aHMHaq anDjMXgOO6etE_Anil0NgDBSFGpUoE=-GzsAAEQ3F5NDEUFLsMRpPJyHg0NONfd20ILEgg04goL0qbGJ4nCxM4 KUZ1K_xTV5ZWEQa8C_AQ=-e

http://www.stocktagfiles.

http://www.downloadappsbundles.com/0n272FN5V61qHcT_sAj1M9NctHW7x 16ubfbUk9TW_ lpqxBFJWkrDHagngQfwYGXs0YfCzMCc4kaRUAG1TeU3e6iQK3MF At cpi2Z4nUrl7TQD86K9TC3ZfmQlVvJHOeJERrORChe_wL88PXcjt2ZAERK14GesBfc4ylA5GJMlAeYkYgRJEvJpAMmz5nLN8XYymWXxt2shP3KlLOPospvQqYidRJlY4TSg_Vl7gebN1EBqSGsMM7m1bCkkH1oYot2hQzPUU Aza34DtNqsf_sLK3JIlCttnxFGes_4pX7DoRimke1CMrHyomQ x2N8ZRwFBNa1fQ6NcY5Mf3caSEtujILFN7xLqt_CkseWOqiuAO47N0Js EvgYAMeTdW5ArZeqz_CnjIajKc8shCwxbrUm0HAjYbTA2wwTuQ6RQ3m5jQ92rcuSQPdlq839XVQB2TiIsIrsvgPskeEvGtMv_zFUqZ3VIIdZtE3Yq1d03Ttwov9Pl63QXArIB4uqYbaKd_DuBipG51HQS ySyVRNwhkQV2S0ygbzQGz83ZA5G7pJt57 kWG5oEeBgVUvWIppF3t008T3y8QDcOJRYNCVDOn3H2cMgF6X41eZsfzsjrJIquuhIFCCBVnJfxeNYDfy fA2wdxq4exVkkQw9sEW3JSPDeV2mPO 73POPOXytBSUgibu_xSnxX4dXmxOjlVmgQmmQFFpOCXeyKBmQfFZ2IpgyRVm XLQXcr3l1c1nu1Y8vCnFbNqHza tEiiFiwIHiU Ycqyc5AbLk7JRaohWlzDMhz9aZNlXQpo tWuyEJl2N6KLIKNG4mnGReqp_Ky6jKPrlM2EF1DqHusovJpE8QknjbVc0n2eemV92u2yf3a3yCQv4FJRb7ZLIQJZtMlocwH2K8 zwOOcQ4jVT6jBNtllK6eaFu5OhXiQdt09T2Uo3TegdVuZwZl9MXcIz6c2u52

Remove gallery.exe - Powered by Reason Core Security