gifview.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 205.196.121.133 and multiple other hosts.
Version:
3, 3, 2, 0

MD5:
69985a76dabe8b7f166d722128fe9e45

SHA-1:
7425e31d693f2574b0734e6672f3b880325d5a69

SHA-256:
06aaf651e6217d309161a19574eaf4fa47e8c2841e8cca1b93bce630b9eb8137

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/23/2024 8:37:41 PM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.FamifoxA.Trojan | 1.3.0.4613
Comodo Security | TrojWare.Win32.Buzus.jkdw | 17623
K7 AntiVirus | Trojan | 13.175.10867

File size:
325.7 KB (333,551 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gifview.exe

File PE Metadata
Compilation timestamp:
12/17/2009 7:42:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:vCxOET2PRA8A3bLeQh81uhTx8+WYbwWVJqjhLzgAmw7VFyJ4ISrVJmZb9:v1PO8MeQh81uhNmq+jhfgKBCpZb9

Entry address:
0xB51C0

Entry point:
60, BE, 00, 30, 47, 00, 8D, BE, 00, E0, F8, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
Packer / compiler:
UPX 2.90 [LZMA]

Code size:
268 KB (274,432 bytes)

The file gifview.exe has been discovered within the following program.

Freecorder 5  by Applian Technologies Inc.
Freecorder 5 bundles a branded version of the Conduit Toolbar, which delivers search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar. Once accepted, the packaged executable, ConduitInstaller.
applian.com
31% remove it
 
Powered by Should I Remove It?

The file gifview.exe has been seen being distributed by the following 11 URLs.

http://205.196.121.133/6gdy9mpoa3bg/.../gifview.exe

http://199.91.152.79/n1fxc1fobzag/.../gifview.exe

http://205.196.123.32/ikiigsm0bbqg/.../gifview.exe

http://199.91.152.79/y7tz34txh95g/.../Gif View by Zullord.exe