home

portable_partitionguru_pro_3.5.0.exe

The executable portable_partitionguru_pro_3.5.0.exe has been detected as malware by 5 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cmail.daum.net and multiple other hosts.
Version:
3, 2, 8, 1

MD5:
8be14523a8862b1caa98e218acc94958

SHA-1:
c8ef028db2c37b4bbc0b3659aa0708558d5f71f8

SHA-256:
6814d9f8fb80420b7f312cc2c4d6a3905c79ffd71ca47a9563fd44401736a214

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/24/2024 2:50:24 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic7_c
2016.0.3029

McAfee
Artemis!8BE14523A886
5600.6685

Norman
Smallworm.FQWA
11.20150802

Rising Antivirus
PE:Worm.Win32.Autorun.txu!1075356047
23.00.65.15731

VIPRE Antivirus
Trojan.Win32.Generic
40432

File size:
6.5 MB (6,769,923 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\portable_partitionguru_pro_3.5.0.exe

File PE Metadata
Compilation timestamp:
9/10/2007 11:57:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:be7k1bSAfCaSAd9tKjwEHl4mRSAIwGuJPy+x+ACN3b:b7c3DUEjZlbwj+x+bb

Entry address:
0x5282D

Entry point:
E8, 58, B1, 00, 00, E9, 17, FE, FF, FF, B8, AB, E4, 45, 00, A3, 38, 4E, 47, 00, C7, 05, 3C, 4E, 47, 00, A7, DB, 45, 00, C7, 05, 40, 4E, 47, 00, 65, DB, 45, 00, C7, 05, 44, 4E, 47, 00, 99, DB, 45, 00, C7, 05, 48, 4E, 47, 00, 0F, DB, 45, 00, A3, 4C, 4E, 47, 00, C7, 05, 50, 4E, 47, 00, 25, E4, 45, 00, C7, 05, 54, 4E, 47, 00, 25, DB, 45, 00, C7, 05, 58, 4E, 47, 00, 8F, DA, 45, 00, C7, 05, 5C, 4E, 47, 00, 1E, DA, 45, 00, C3, E8, 9B, FF, FF, FF, E8, 90, BC, 00, 00, 83, 7C, 24, 04, 00, A3, D4, 6A, 47, 00, 74, 05...
 
[+]

Entropy:
7.9283  (probably packed)

Code size:
399 KB (408,576 bytes)

The file portable_partitionguru_pro_3.5.0.exe has been seen being distributed by the following 2 URLs.

https://cmail.daum.net/v2/mails/g0000000006vPSo/attachments/MjoxLjM6MTQ1ODQ3NDo5MjY0MTA0OmFwcGxpY2F0aW9uL3gtZG9zZXhlYzpiYXNlNjQ6ZkluMmpjUW1yTElua3VuT09UUlVQQQ/.../Portable_PartitionGuru_Pro_3.5.0.exe

http://cfile4.uf.tistory.com/.../2327743A551DE5DC2DD651

Remove portable_partitionguru_pro_3.5.0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.