irfanview_plugins_435_setup.exe

IrfanView Installer

Irfan Skiljan

This is a setup and installation application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
Irfan Skiljan  (signed and verified)

Product:
IrfanView Installer

Version:
4.35

MD5:
4a240dc60337ceced5d5dbc4f375ca16

SHA-1:
d2c65ef987f324acd4ba56429a689f9c0160bf4e

SHA-256:
7ec2974272c8a8a45c1f9cd34562b7f4beb84b2fd3fdd0290961b85575d4d558

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 3:56:08 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Trojan.Win32.Generic.15201FDC!354426844

Engine version:
23.00.65.14316

File size:
9.9 MB (10,328,776 bytes)

Product version:
4.35

Copyright:
Copyright © 2012 by Irfan Skiljan, Austria

Original file name:
irfanview_plugins_435_setup.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\irfanview_plugins_435_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2012 2:00:00 AM

Valid to:
7/19/2013 1:59:59 AM

Subject:
CN=Irfan Skiljan, O=Irfan Skiljan, POBox=PO Box 48, L=Wiener Neustadt, S=NOE, PostalCode=2700, C=AT

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4AAD33DAFC339E45E55F11ACE347D6C8

File PE Metadata
Compilation timestamp:
11/8/2012 1:56:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:cj1DJjpPHzTCycG1ZncDG5eOq79BHLoVR/6ksoXvf94SxXmmxyRWp+WAxsFB9:cj1D9pP9tH5cRLoWNoffxXryRUXgsH9

Entry address:
0xC3F8B0

Entry point:
60, BE, 00, A0, 66, 00, 8D, BE, 00, 70, D9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
9.8 MB (10,313,728 bytes)

The file irfanview_plugins_435_setup.exe has been discovered within the following program.

SnapPea  by Wandou Labs
The software currently distributes the app through the OpenCandy monetization platform which is known to distribute adware.
snappea.com
25% remove it

The file irfanview_plugins_435_setup.exe has been seen being distributed by the following 18 URLs.

