SHA256: 75e9b547e48a62550e300614576124fd122aa961e8e6428e2f71cb3382514598
File name: Pidgin Portable
Detection ratio: 38 / 51
Analysis date: 2014-04-29 03:08:18 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.30091 20140429
Yandex Trojan.Kryptik!BBsEuDCextU 20140428
AhnLab-V3 Trojan/Win32.Inject 20140428
AntiVir TR/Crypt.Xpack.49403 20140429
Antiy-AVL Trojan[:HEUR]/Win32.Unknown 20140429
Avast Win32:Malware-gen 20140429
AVG Win32/Cryptor 20140428
BitDefender Gen:Variant.Symmi.30091 20140429
CAT-QuickHeal Trojan.Lethic.B5 20140428
Commtouch W32/Agent.XB.gen!Eldorado 20140429
Comodo TrojWare.Win32.Kryptik.BIHS 20140429
DrWeb BackDoor.IRC.NgrBot.146 20140429
Emsisoft Gen:Variant.Symmi.30091 (B) 20140429
ESET-NOD32 a variant of Win32/Kryptik.BIHS 20140429
F-Prot W32/Agent.XB.gen!Eldorado 20140429
F-Secure Gen:Variant.Symmi.30639 20140429
Fortinet W32/Androm.AOCK!tr 20140428
GData Gen:Variant.Symmi.28873 20140429
Ikarus Trojan.Win32.Duhsad 20140429
K7GW Riskware ( 0040eff71 ) 20140428
Kaspersky HEUR:Trojan.Win32.Generic 20140429
Kingsoft Win32.Troj.Generic.a.(kcloud) 20140429
Malwarebytes Trojan.Ransom.PA 20140429
McAfee PWSZbot-FDA!E005FFB87D3C 20140429
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.G 20140429
Microsoft PWS:Win32/Zbot.gen!AJ 20140429
eScan Gen:Variant.Symmi.28873 20140429
NANO-Antivirus Trojan.Win32.NgrBot.ccgdkg 20140429
Norman Troj_Generic.OQIBO 20140428
Panda Trj/Genetic.gen 20140429
Qihoo-360 Malware.QVM10.Gen 20140429
Sophos AV Troj/Agent-ADGV 20140429
SUPERAntiSpyware Trojan.Agent/Gen-Malagent 20140429
Symantec Packed.Generic.457 20140429
TrendMicro TROJ_FAKEAV.BMC 20140429
TrendMicro-HouseCall TROJ_FAKEAV.BMC 20140429
VBA32 Worm.Ngrbot 20140428
VIPRE Trojan.Win32.Agent.adgv (v) 20140429
AegisLab 20140429
Baidu-International 20140428
Bkav 20140428
ByteHero 20140429
ClamAV 20140429
CMC 20140424
Jiangmin 20140428
K7AntiVirus 20140428
nProtect 20140428
Rising 20140428
TheHacker 20140426
TotalDefense 20140428
ViRobot 20140428
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright John T. Haller
Publisher PortableApps.com
Product Pidgin Portable
Original name PidginPortable.exe
Internal name Pidgin Portable
File version 1.6.9.0
Description Pidgin Portable
Comments Allows Pidgin to be run from a removable drive. For additional details, visit PortableApps.com/PidginPortable
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-18 18:46:16
Entry Point 0x00001DE1
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
AdjustTokenGroups
QueryServiceConfigA
GetSecurityDescriptorGroup
PrivilegeCheck
ObjectCloseAuditAlarmW
RegQueryMultipleValuesW
GetServiceKeyNameA
SetKernelObjectSecurity
RegisterServiceCtrlHandlerA
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
HeapSetInformation
GetCurrentProcess
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetModuleHandleW
IsValidCodePage
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
GetCommandLineA
GlobalLock
HeapSize
GetTempFileNameW
SetStdHandle
GetCPInfo
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetACP
HeapReAlloc
DecodePointer
GetProcAddress
IsBadStringPtrW
HeapAlloc
TerminateProcess
GetCurrencyFormatA
HeapCreate
SetLastError
CreateFileW
VirtualQuery
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
LeaveCriticalSection
FindExecutableA
DuplicateIcon
ExtractIconW
ExtractIconExW
ShellExecuteExW
Shell_NotifyIconW
DoEnvironmentSubstW
ReleaseStgMedium
CreateStreamOnHGlobal
CoRegisterClassObject
CoMarshalInterThreadInterfaceInStream
Number of PE resources by type
RT_ANIICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
SPANISH PUERTO RICO 1
PE resources
ExifTool file metadata
LegalTrademarks PortableApps.com is a Trademark of Rare Ideas, LLC.
SubsystemVersion 5.0
Comments Allows Pidgin to be run from a removable drive. For additional details, visit PortableApps.com/PidginPortable
InitializedDataSize 185344
ImageVersion 0.0
ProductName Pidgin Portable
FileVersionNumber 1.6.9.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 9.0
OriginalFilename PidginPortable.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.6.9.0
TimeStamp 2013:08:18 19:46:16+01:00
FileType Win32 EXE
PEType PE32
InternalName Pidgin Portable
FileAccessDate 2014:04:29 04:25:57+01:00
ProductVersion 1.6.9.0
FileDescription Pidgin Portable
OSVersion 5.0
FileCreateDate 2014:04:29 04:25:57+01:00
FileOS Win32
LegalCopyright John T. Haller
MachineType Intel 386 or later, and compatibles
CompanyName PortableApps.com
CodeSize 46592
FileSubtype 0
ProductVersionNumber 1.6.9.0
EntryPoint 0x1de1
ObjectFileType Executable application

File identification
MD5 e005ffb87d3cab861a7b31aaeabfa357
SHA1 cf66e213d4165a9ef181930b35f40e9c3a901da1
SHA256 75e9b547e48a62550e300614576124fd122aa961e8e6428e2f71cb3382514598
ssdeep 3072:Y4qeWnDh1E6ttMNOSgJn8FQFd1ysgmiSvB17ZvXHjw/95I7v1edY4ZzEvsTq:zqjDhXjf881yYv/7ZvHj23Gv1eK4/q
imphash 6c38b203e12024023623925667349aa8
File size 228.5 KB ( 233984 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-08-25 07:49:44 UTC ( 5 years, 3 months ago )
Last submission 2013-08-25 07:49:44 UTC ( 5 years, 3 months ago )
File names vt-upload-4CsuM
PidginPortable.exe
Pidgin Portable
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs