SHA256: 1bb25a376de61b0320675b64a6ad6cca32491bfe27d678736a26d7965f419352
File name: WL-0e0aeea0611341898ce4a867e5f3536d-0
Detection ratio: 41 / 49
Analysis date: 2013-12-16 12:31:14 UTC ( 4 months ago )
Antivirus Result Update
AVG Downloader.Agent2.BOXS 20131216
Ad-Aware Trojan.GenericKD.1160724 20131211
Agnitum Backdoor.Androm!YdIVY1Cfyt0 20131215
AhnLab-V3 Trojan/Win32.Inject 20131215
AntiVir TR/Spy.ZBot.zurg 20131216
Antiy-AVL Backdoor/Win32.Androm 20131210
Avast Win32:Crypt-PTQ [Trj] 20131216
Baidu-International Backdoor.Win32.Androm.altz 20131213
BitDefender Trojan.GenericKD.1160724 20131211
CAT-QuickHeal Trojan.Lethic.B5 20131216
CMC Packed.Win32.Hrup.1!O 20131213
Commtouch W32/Trojan.TYZZ-8760 20131216
Comodo TrojWare.Win32.Injector.ALON 20131216
DrWeb BackDoor.Tishop.55 20131216
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AW 20131216
F-Prot W32/Trojan3.FSG 20131216
F-Secure Trojan.GenericKD.1160724 20131216
Fortinet W32/Agent.3487!tr 20131216
GData Trojan.GenericKD.1160724 20131216
Ikarus Virus.Win32.Zbot 20131216
K7AntiVirus Trojan ( 0001140e1 ) 20131213
K7GW Trojan ( 0001140e1 ) 20131213
Kaspersky Backdoor.Win32.Androm.aicv 20131216
Kingsoft Win32.Troj.Undef.(kcloud) 20130829
Malwarebytes Trojan.Agent.ED 20131216
McAfee Generic Dropper.p 20131216
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20131216
MicroWorld-eScan Trojan.GenericKD.1160724 20131216
Microsoft TrojanDownloader:Win32/Dofoil.R 20131216
NANO-Antivirus Trojan.Win32.Androm.cbqflc 20131216
Norman Gamarue.BBV 20131216
Panda Trj/Agent.IVN 20131216
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20131215
Sophos Troj/Agent-ADBN 20131216
Symantec Trojan Horse 20131216
TotalDefense Win32/Dofoil.MZ 20131214
TrendMicro TROJ_ZURGOP.AI 20131216
TrendMicro-HouseCall TROJ_ZURGOP.AI 20131216
VBA32 BScope.MalwareCryptor.Oop 20131216
VIPRE Trojan.Win32.Generic!BT 20131216
ViRobot Trojan.Win32.S.Inject.94208.Y 20131216
Bkav 20131216
ByteHero 20130613
ClamAV 20131216
Emsisoft 20131216
Jiangmin 20131216
Rising 20131216
TheHacker 20131216
nProtect 20131216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright John T. Haller
Publisher PortableApps.com
Product Pidgin Portable
Original name PidginPortable.exe
Internal name Pidgin Portable
File version 1.6.9.0
Description Pidgin Portable
Comments Allows Pidgin to be run from a removable drive. For additional details, visit PortableApps.com/PidginPortable
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-05 06:37:38
Link date 7:37 AM 8/5/2013
Entry Point 0x00002344
Number of sections 4
PE sections
PE imports
AddAuditAccessAceEx
ClusterNodeGetEnumCount
OfflineClusterGroup
ClusterNetworkOpenEnum
CreateClusterResource
HeapSize
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
GetModuleFileNameA
RtlUnwind
IsProcessorFeaturePresent
HeapSetInformation
GetCurrentProcess
EnumSystemLocalesA
GetLocaleInfoA
GetCurrentProcessId
GetUserDefaultLCID
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
EncodePointer
GetLocaleInfoW
GetCPInfo
LoadLibraryW
TlsFree
DeleteCriticalSection
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
IsValidLocale
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
TerminateProcess
IsValidCodePage
HeapCreate
GetStringTypeW
InterlockedDecrement
Sleep
GetFileType
GetTickCount
TlsSetValue
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
Number of PE resources by type
RT_FONT 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
SPANISH PUERTO RICO 1
ExifTool file metadata
CodeSize 37888
SubsystemVersion 5.0
Comments Allows Pidgin to be run from a removable drive. For additional details, visit PortableApps.com/PidginPortable
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.9.0
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription Pidgin Portable
CharacterSet Unicode
InitializedDataSize 55296
FileOS Win32
MIMEType application/octet-stream
LegalCopyright John T. Haller
FileVersion 1.6.9.0
TimeStamp 2013:08:05 07:37:38+01:00
FileType Win32 EXE
PEType PE32
InternalName Pidgin Portable
FileAccessDate 2013:12:16 13:32:17+01:00
ProductVersion 1.6.9.0
UninitializedDataSize 0
OSVersion 5.0
FileCreateDate 2013:12:16 13:32:17+01:00
OriginalFilename PidginPortable.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName PortableApps.com
LegalTrademarks PortableApps.com is a Trademark of Rare Ideas, LLC.
ProductName Pidgin Portable
ProductVersionNumber 1.6.9.0
EntryPoint 0x2344
ObjectFileType Executable application

File identification
MD5 898101c6689522c336f6d2c6aabd6c8c
SHA1 13ca128ec610087f149f1eca38be78db5a6b830b
SHA256 1bb25a376de61b0320675b64a6ad6cca32491bfe27d678736a26d7965f419352
ssdeep 1536:wULC+gq6Bmovx3Uzd5+Pq84iIE9gzJZntLc+:w8u3Y+PBfCP2+
File size 92.0 KB ( 94208 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-08-05 06:58:22 UTC ( 8 months, 2 weeks ago )
Last submission 2013-12-16 12:31:14 UTC ( 4 months ago )
File names WL-0e0aeea0611341898ce4a867e5f3536d-0
Pidgin Portable
vt-upload-Q5dCq
898101c6689522c336f6d2c6aabd6c8c
Picture_875994093433_MMS.pic.exe
PidginPortable.exe
Picture 875994093433 MMS.pic.exe
PictureMMS.pic.exe
vt-upload-vi0Lt
gtimer.exe
Your Bill Summary REF.875633028831.pdf.exe
898101c6689522c336f6d2c6aabd6c8c.bin
vt-upload-MTBoQ
file-5797904_exe
Picture%20875994093433%20MMS.pic.exe
vt-upload-pdpSI
vt-upload-Uc8ks
jrgtivdb.exe old