» ulead_gif_animator_5.5full_rus_besplatna.exe
Overview
Analysis
File Details
Downloads (4)

ulead_gif_animator_5.5full_rus_besplatna.exe

FilePac_to_Algoritm

daiomik

The executable ulead_gif_animator_5.5full_rus_besplatna.exe, “Поддержка единых файлов для "Алгоритм 2"” has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from cloclo19.datacloudmail.ru and multiple other hosts.

File name:

Publisher:

daiomik

Product:

FilePac_to_Algoritm

Description:

Поддержка единых файлов для "Алгоритм 2"

Version:

1.1

MD5:

bf161843ba7bb1f0e4d2836d096c38b0

SHA-1:

2b53cd9968967d0a4be7d5c7d21815a8ba26cab5

SHA-256:

4bf7a1ab201e0657706af744551b7f406b2c74d77f321b4888eccb8a1ad012f4

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

11/23/2024 2:14:43 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Agent.11627855

8.3.1.6

Clam AntiVirus

Win.Trojan.Lamo

0.98/20702

Comodo Security

Heur.Packed.Unknown

22675

Dr.Web

Trojan.DownLoader12.51893

9.0.1.05190

McAfee

Artemis!BF161843BA7B

5600.6699

Quick Heal

(Suspicious) - DNAScan

7.15.14.00

Zillya! Antivirus

Trojan.Rabbit.Win32.968

2.0.0.2269

File size:

11.1 MB (11,627,855 bytes)

Product version:

1.1

daiomik

Original file name:

????????

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

6/30/2010 1:35:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.50

CTPH (ssdeep):

196608:CmmTjv3De9jX8TCuG/ynlf+N/Dkn7Q8DMOHlO2fVy9CfjsPOHsWcgwsDtohBw0Dg:6TWuGyf8LknU8wOs2fV42jjHsWrw9/wN

Entry address:

0x1000

Entry point:

68, 34, 00, 00, 00, 68, 00, 00, 00, 00, 68, B4, 3A, 41, 00, E8, F4, 0F, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, ED, 0F, 00, 00, A3, B8, 3A, 41, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, DA, 0F, 00, 00, A3, B4, 3A, 41, 00, E8, 7C, CB, 00, 00, E8, 19, CB, 00, 00, E8, 82, C1, 00, 00, E8, FA, B2, 00, 00, E8, CB, B1, 00, 00, E8, 83, AA, 00, 00, E8, 99, A9, 00, 00, E8, C6, 0F, 00, 00, A1, BC, 3B, 41, 00, 50, 50, E8, F6, B2, 00, 00, 8D, 0D, CC, 3A, 41, 00, 5A, E8, 81, 0F, 00, 00, A1... 
[+]

Packer / compiler:

PKLITE32, 0x1.1

Code size:

50.5 KB (51,712 bytes)

The file ulead_gif_animator_5.5full_rus_besplatna.exe has been seen being distributed by the following 4 URLs.

https://cloclo19.datacloudmail.ru/weblink/get/.../Ulead_GIF_Animator_5.5full_RUS_Besplatna (2).exe

Remove ulead_gif_animator_5.5full_rus_besplatna.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.