prize_code.scr

Pidgin

Daniel Atallah

The file prize_code.scr has been detected as malware by 18 anti-virus scanners.
Publisher:
Daniel Atallah  (signed and verified)

Product:
Pidgin

Version:
2.10.12.

MD5:
32b0e0460db62ff1676d0fac07890362

SHA-1:
a13c6f059106164b8df72a9d4ded02b59b4a0f32

SHA-256:
de72172af07bcc7797e9a9f145619302c476362ffb6c7ceae5cb955dd03ee0bb

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
12/25/2024 5:21:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | AIT:Trojan.GenericTKA.129 | 355 |
| AegisLab AV Signature | W32.W.AutoRun | 2.1.4+ |
| Avira AntiVirus | TR/Agent.1462364 | 8.3.2.4 |
| Arcabit | AIT:Trojan.GenericTKA.129 | 1.0.0.653 |
| Bitdefender | AIT:Trojan.GenericTKA.129 | 1.0.20.225 |
| Emsisoft Anti-Malware | AIT:Trojan.GenericTKA.129 | 8.16.02.14.06 |
| ESET NOD32 | Win32/Injector.Autoit.CBO (variant) | 10.12992 |
| Fortinet FortiGate | W32/Reconyc.FEKT!tr | 2/14/2016 |
| F-Secure | AIT:Trojan.GenericTKA.129 | 11.2016-14-02_1 |
| G Data | AIT:Trojan.GenericTKA.129 | 16.2.25 |
| IKARUS anti.virus | Trojan.Win32.Reconyc | t3scan.2.0.6.0 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.661 |
| McAfee | Artemis!32B0E0460DB6 | 5600.6489 |
| MicroWorld eScan | AIT:Trojan.GenericTKA.129 | 17.0.0.135 |
| NANO AntiVirus | Trojan.Script.Agent.dzyotx | 1.0.14.5798 |
| Panda Antivirus | Generic Suspicious | 16.02.14.06 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1120 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47050 |

File size:
1.4 MB (1,462,364 bytes)

Product version:
2.10.12.

Copyright:
Copyright (C) 1998-2010 The Pidgin developer community (See the COPYRIGHT file in the source distribution).

Original file name:
iFZKBHe.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\prize_code.scr

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
9/11/2014 12:36:56 AM

Valid to:
9/11/2016 1:37:54 AM

Subject:
E=datallah@pidgin.im, CN=Daniel Atallah, L=Holland, S=Michigan, C=US

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
1015

File PE Metadata
Compilation timestamp:
12/24/2008 1:00:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:2po/2+ttPJLfpRK+Q1kncz152h6AAl9fBp6QHI7HSFP:ve2PJLa+Q115IEl952E

Entry address:
0x17770

Entry point:
E8, C4, AF, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 88, DA, 47, 00, 8B, 09, 83, 60, 08, 00, 89, 48, 04, 5D, C2, 08, 00, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, F1, C7, 06, 88, DA, 47, 00, 8B, 43, 08, 89, 46, 08, 85, C0, 8B, 43, 04, 57, 74, 31, 85, C0, 74, 27, 50, E8, EF, D3, FF, FF, 8B, F8, 47, 57, E8, 10, D3, FF, FF, 59, 59, 89, 46, 04, 85, C0, 74, 18, FF, 73, 04, 57, 50, E8, F2, AF, 00, 00, 83, C4, 0C, EB, 09, 83, 66, 04, 00, EB, 03, 89, 46, 04, 5F, 8B, C6, 5E, 5B...
 

Entropy:
7.2134

Code size:
495.5 KB (507,392 bytes)
