photoscape_v3.7.exe

PhotoScape

The executable photoscape_v3.7.exe has been detected as malware by 9 anti-virus scanners. This is a setup program used to install the application. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from photoscape.joydownload.com.
Product:
PhotoScape

Version:
1.0.0.0

MD5:
caea76e6588649915b73933f780e0910

SHA-1:
38dca130fa022227397317b94b2396d88ab80848

SHA-256:
aceb9f7e5e8f769995598f86d6733fe030648709145b6cb2fa3dd9b406bcb0d6

Scanner detections:
9 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/28/2024 1:39:15 PM UTC

Scan engine                     Detection                          Engine version
avast!                          Win32:SaliCode                     160326-0
AVG                             Win32/Sality                       2015.0.4542
Dr.Web                          Win32.Sector.30                    9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality                       11.5.0.6191
ESET NOD32                      Win32/Sality.NBA virus             8.0.319.0
F-Prot                          W32/Sality.gen2                    4.6.5.141
Kaspersky                       Virus.Win32.Sality                 15.0.0.562
McAfee                          Trojan.Artemis!8E666F0CBA46        18.0.204.0
Microsoft Security Essentials   Threat.Undefined                   1.217.656.0

File size:
568.8 KB (582,464 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\photoscape_v3.7.exe

File PE Metadata
Compilation timestamp:
5/20/2013 6:52:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:RQuKFIXoR4GlVZKZd994DcbIzHYc/Um00LL:yuK6gcZZ4DkAYc/UH0LL

Entry address:
0x331F

Entry point:
02, EE, 84, DB, 80, F0, 0F, 69, FE, A9, 46, 3F, FB, 8A, C5, 85, F6, 8B, EF, 81, F3, 75, 9E, 0B, 87, 0F, B7, FB, 25, BA, A9, AA, A1, 8A, D0, E8, 18, 00, 00, 00, B5, 04, FE, C4, 87, C3, F3, 8D, 3D, 32, 43, 00, 00, BA, E3, 17, 0B, 2B, 81, EF, 75, 05, 00, 00, 38, FC, 69, D8, E7, 0D, 06, CA, 8D, 05, F0, 06, 2F, 3B, FE, CB, 18, F7, 8D, 2D, A7, 95, B2, 47, 0F, AF, EF, 8B, FE, 1C, B6, 09, FB, 86, FB, 8D, 37, 48, F3, 69, DE, 44, 47, C8, 1A, FE, CC, 8D, 1D, 3D, 73, EC, 91, 56, 89, F7, 59, 3B, FF, F7, C7, 51, 41, 61...
Entropy:
7.8497  (probably packed)

Code size:
24 KB (24,576 bytes)

The file photoscape_v3.7.exe has been seen being distributed by the following URL.
