» pb204.exe
Overview
Analysis
File Details
Downloads (1)

pb204.exe

PictBear Second Edition

Fenrir Inc.

The executable pb204.exe, “PictBear Second Edition Setup” has been detected as malware by 13 anti-virus scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from pictbear.en.softonic.com.

File name:

pb204.exe

Publisher:

Fenrir Inc.

Product:

PictBear Second Edition

Description:

PictBear Second Edition Setup

Version:

1, 0, 0, 0

MD5:

56b1d976d1285f528de872e1b54374c5

SHA-1:

1a7188cd0566d526766abc30d63c28f51a845701

SHA-256:

c0095b05fd118dcdd3383aebc94c2e2d40cbdac5293f1379fdea419b61e74be8

Scanner detections:

13 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

12/28/2024 11:39:38 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

avast!

Win32:Sality

160204-3

AVG

Win32/Sality

2015.0.4477

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

10.0.0.5366

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.5530.0

Norman

Win32.Sality.3

18.01.2016 17:20:53

Sophos

Virus 'Mal/Sality-D'

5.23

VIPRE Antivirus

Threat.4721115

46800

File size:

3.5 MB (3,688,320 bytes)

Product version:

1, 0, 0, 0

Original file name:

PictBearSetup.exe

File type:

Executable application (Win32 EXE)

Language:

Japanese (Japan)

Common path:

C:\users\{user}\downloads\pb204.exe

File PE Metadata

Compilation timestamp:

8/21/2012 12:07:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

98304:Yz0eSckSa+aNmynIA6VMaJ96Rb7OYzsqUq3oPX4O:Ck5awI16RnOY7F3oZ

Entry address:

0x2977

Entry point:

60, 85, EF, 69, FE, E8, 9F, E5, 2E, F2, 88, CF, 8B, DD, 85, C9, 41, 8D, 0D, 73, A9, 6D, 2D, 2B, C9, 40, C6, C7, DD, 08, F2, F3, 23, FD, C6, C6, 70, 81, C1, CD, BA, 04, 00, 81, FA, 7F, 5F, 00, 00, 71, 05, 80, FF, 2A, 88, D4, 81, E9, CC, BA, 04, 00, EB, 02, B6, 49, 81, DA, 2D, 93, 08, CB, 76, 08, F3, 35, CD, 86, 23, 2A, 88, F4, 81, F9, 1F, 03, 00, 00, 0F, 86, BB, FF, FF, FF, 0F, BF, F8, FF, C8, 8A, C0, 72, 06, F7, C5, 8C, 34, CF, 4E, E8, 1C, 00, 00, 00, EB, 05, F3, 24, 97, FE, CA, 8B, FD, 0F, AF, FF, 85, DA... 
[+]

Entropy:

7.9796 (probably packed)

Code size:

28 KB (28,672 bytes)

The file pb204.exe has been seen being distributed by the following URL.

http://pictbear.en.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAOLEf/JLddIgeHAwy4WgrejnvbTN5/6DNyGnWvQhbQC7PobpWlH2hg5/kqGqnRS28279iiFxu vBKjAEyGoW079/.../rehEPHVQXvbEHGEVd7XsG5AJoEpOHQY60qA==

Remove pb204.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.