SHA256: 9415d4db1e7d092336a8711dcd3cd0bb4e3ca698306fa058880a692982b596ed
File name: Picasa Viewer
Detection ratio: 57 / 67
Analysis date: 2017-10-13 14:26:46 UTC ( 5 days, 5 hours ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.4824352 20171013
AegisLab Troj.W32.Poweliks!c 20171013
AhnLab-V3 Trojan/Win32.Kovter.R198428 20171013
ALYac Trojan.GenericKD.4824352 20171013
Antiy-AVL Trojan/Win32.Poweliks 20171013
Arcabit Trojan.Generic.D499D20 20171013
Avast Win32:Trojan-gen 20171013
AVG Win32:Trojan-gen 20171013
Avira (no cloud) TR/Crypt.Xpack.amdhe 20171013
AVware Trojan.Win32.Generic!BT 20171013
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20171013
BitDefender Trojan.GenericKD.4824352 20171013
CAT-QuickHeal Trojan.KovterCS.S822777 20171013
ClamAV Win.Packed.Kovter-6333830-0 20171013
Comodo UnclassifiedMalware 20171013
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170804
Cylance Unsafe 20171013
Cyren W32/Kovter.T.gen!Eldorado 20171013
DrWeb Trojan.Kovter.297 20171013
eGambit malicious_confidence_79% 20171013
Emsisoft Trojan.GenericKD.4824352 (B) 20171013
Endgame malicious (high confidence) 20170821
ESET-NOD32 a variant of Win32/Kryptik.FRCN 20171013
F-Prot W32/Kovter.T.gen!Eldorado 20171013
F-Secure Trojan.GenericKD.4824352 20171013
Fortinet W32/Kryptik.FQTO!tr 20171013
GData Trojan.GenericKD.4824352 20171013
Ikarus Trojan.Win32.Krypt 20171013
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0050b1ea1 ) 20171013
K7GW Hacktool ( 655367771 ) 20171013
Kaspersky HEUR:Trojan.Win32.Generic 20171013
Malwarebytes Trojan.Kovter 20171013
MAX malware (ai score=80) 20171013
McAfee RDN/Generic.hbg 20171013
McAfee-GW-Edition BehavesLike.Win32.Vobfus.fc 20171013
Microsoft Trojan:Win32/Kovter!rfn 20171013
eScan Trojan.GenericKD.4824352 20171013
NANO-Antivirus Trojan.Win32.Poweliks.enuuay 20171013
nProtect Trojan/W32.Poweliks.360645 20171013
Palo Alto Networks (Known Signatures) generic.ml 20171013
Panda Trj/GdSda.A 20171013
Qihoo-360 Trojan.Generic 20171013
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV Mal/Generic-S 20171013
Symantec Trojan.Gen.2 20171013
Tencent Win32.Trojan.Generic.Apwk 20171013
TrendMicro TROJ_KOVTER.AUSKJA 20171013
TrendMicro-HouseCall TROJ_KOVTER.AUSKJA 20171013
VBA32 Trojan.Poweliks 20171013
VIPRE Trojan.Win32.Generic!BT 20171013
ViRobot Trojan.Win32.Z.Kovter.360645 20171013
Webroot W32.Trojan.Gen 20171013
WhiteArmor Malware.HighConfidence 20170927
Yandex Trojan.Poweliks! 20171012
Zillya Trojan.Poweliks.Win32.518 20171013
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171013
Antivirus (no detection) Update
Alibaba 20170911
Avast-Mobile 20171013
Bkav 20171013
CMC 20171013
Jiangmin 20171013
Kingsoft 20171013
Rising 20171013
SUPERAntiSpyware 20171013
Symantec Mobile Insight 20171011
TheHacker 20171013
TotalDefense 20171013
Trustlook 20171013
Zoner 20171013
Note: 57 engines flagged the file and 13 returned no result, yet the ratio is reported as 57 / 67; the denominator appears to omit the three mobile-focused engines (Avast-Mobile, Symantec Mobile Insight, Trustlook), which do not scan Win32 executables.
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2004-2011 Google Inc.
Product Picasa Photo Viewer
Original name GooglePhotoViewer
Internal name Picasa Viewer
File version 3.9.139
Description Picasa Photo Viewer
These strings come from the RT_VERSION resource, which whoever built the binary writes freely; they claim a Google product but do not establish one. The report shows an authentihash but no signature information, and the compilation timestamp in the PE header predates the copyright range claimed here.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-08-20 11:57:40 (UTC; this is a 32-bit field the builder sets freely, and it predates the 2004-2011 copyright in the version info, so treat it as untrusted)
Entry Point 0x0000297A
Number of sections 8
PE sections
Overlays
MD5 7f337aa975caad17d5b4f2d5f1c1bb39
File type data
Offset 359936
Size 709
Entropy 7.71
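The overlay figures above are internally consistent: offset 359936 plus size 709 equals the 360645-byte file size, and 7.71 bits per byte on a 709-byte tail means it is neither text nor padding, which is what an appended encrypted blob or configuration looks like. The following is an added example, not code from VirusTotal or from the sample, showing how an overlay is located and measured with the standard library alone: walk the section table, take the largest PointerToRawData + SizeOfRawData, and treat everything after it as overlay. build_sample_pe() constructs a minimal PE32 image for the demonstration; the Kovter binary itself is not embedded, and the 7.0-bit threshold for "high entropy" is an assumed triage cut-off.

```python
"""Locate and measure a PE overlay (bytes appended after the last section).

Added example for this report, not code from VirusTotal or the sample's
author.  Only the standard library is used, so it runs without pefile.
build_sample_pe() constructs a minimal PE32 image for demonstration; the
Kovter binary from the report is not embedded here.
"""
import math
import struct


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_overlay(pe: bytes, high_entropy_threshold: float = 7.0):
    """Return a dict describing the overlay, or None when no bytes follow the
    last section.  The overlay starts at max(PointerToRawData + SizeOfRawData)
    over all section headers; anything the loader never maps lives there."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    section_table = coff + 20 + size_of_optional
    end_of_sections = 0
    for i in range(num_sections):
        hdr = section_table + i * 40                     # IMAGE_SECTION_HEADER is 40 bytes
        size_of_raw, ptr_to_raw = struct.unpack_from("<II", pe, hdr + 16)
        end_of_sections = max(end_of_sections, ptr_to_raw + size_of_raw)
    if end_of_sections >= len(pe):
        return None
    overlay = pe[end_of_sections:]
    entropy = shannon_entropy(overlay)
    return {
        "offset": end_of_sections,
        "size": len(overlay),
        "entropy": round(entropy, 2),
        "high_entropy": entropy >= high_entropy_threshold,   # assumed cut-off for packed/encrypted data
    }


def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed minimal PE32: DOS header, PE headers, one 512-byte .text
    section at file offset 0x200, then the caller's overlay bytes."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0                              # PE32 optional header size
    file_header = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, size_of_optional, 0x0102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (size_of_optional - 2)
    raw_ptr, raw_size = 0x200, 0x200
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", raw_size, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = dos_header + b"PE\0\0" + file_header + optional_header + section
    headers += b"\0" * (raw_ptr - len(headers))
    section_data = bytes(range(256)) * 2                 # exactly raw_size bytes
    return headers + section_data + overlay


if __name__ == "__main__":
    print(find_overlay(build_sample_pe(b"CONFIG" * 10)))
```

Run against the real sample, find_overlay(open(path, "rb").read()) should report offset 359936 and size 709; the overlay bytes are then the first thing to carve and inspect, since a packer stub often reads its payload or configuration from there.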
PE imports
RegCreateKeyExW
RegOpenCurrentUser
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
LsaQuerySecret
RegDeleteKeyW
RegQueryValueExW
GetLastError
WaitForSingleObject
QueryPerformanceCounter
GetTickCount
DisableThreadLibraryCalls
LoadLibraryA
lstrlenW
GetCurrentProcess
LocalAlloc
GetConsoleCursorInfo
GetProcAddress
InterlockedCompareExchange
GetCurrentThread
ReleaseSemaphore
GetModuleHandleA
CreateSemaphoreW
CloseHandle
GetSystemTimeAsFileTime
OutputDebugStringA
LocalFree
SetUnhandledExceptionFilter
ExitProcess
GetCurrentThreadId
OpenSemaphoreW
GetCurrentProcessId
SetLastError
wsprintfW
wvsprintfA
GetInputDesktop
_adjust_fdiv
free
_initterm
ferror
malloc
NtInitiatePowerAction
RtlUpperChar
NtPowerInformation

The report flattens the import table to bare function names without their source DLLs, so the list cannot be regrouped here. Two things matter for triage. First, the registry create, write and delete APIs (RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, RegEnumKeyExW) fit the Kovter/Poweliks labels above: both families are known for keeping their payload and configuration in the registry rather than on disk, and LsaQuerySecret is an unusual import for an image viewer. Second, the remainder is a small, incoherent mix of console, power-management and CRT calls, which is what a packer stub tends to import (ESET and Fortinet label the file Kryptik, their generic name for packed or obfuscated code). The imports of a packed sample describe the stub, not the decrypted payload.
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 8
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2003:08:20 12:57:40+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 2.23
EntryPoint 0x297a
InitializedDataSize 297472
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 120832
The TimeStamp is the same PE compilation timestamp as above, rendered in local time (UTC+1). LinkerVersion 2.23 is the version-number pattern of GNU ld (binutils 2.23, as shipped with MinGW toolchains) rather than of a Microsoft linker, which undercuts the "MS Visual C++ (generic)" TrID guess; binutils 2.23 also postdates the 2003 timestamp, so the two header fields cannot both be genuine.
File identification
MD5 edf224066ba9c37a8dbfd09a88d35976
SHA1 3acc641d981ccdb07cd4de5f75eef48b274329c2
SHA256 9415d4db1e7d092336a8711dcd3cd0bb4e3ca698306fa058880a692982b596ed
ssdeep 6144:bUdAwx4apxhBjpgzMU7vWAzA0sSUE4qYD7H7H+U5ScKLZS15ARjUdwOqp:bCAwF3pgvDWAz2A4q2H7HDSceS15A5p
authentihash 99ea9f82865842329ac3ff118cc5189d39f70a5ce72fc9679050a905f7a665a5
imphash 49340b04115c18f2f0b4ebb1b7f745a2
File size 352.2 KB ( 360645 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay
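Of the identifiers above, the imphash is the one worth understanding for pivoting: it hashes the import table rather than the file, so repacked or recompiled variants that keep the same stub share a value even when MD5/SHA256 differ. The following is an added example, not VirusTotal's or pefile's code, implementing the published imphash recipe: DLL name lower-cased with a .dll/.ocx/.sys extension removed, function name lower-cased, an import by ordinal rendered as "ordN", entries joined as "dll.func" with commas in import-table order, then MD5. Two assumptions: the sample import table is constructed for illustration (the report does not show which DLL each function comes from, so the report's own imphash cannot be reproduced from it), and the known-ordinal name tables that pefile applies to ws2_32 and oleaut32 are omitted, so ordinal imports from those two DLLs would hash differently here.

```python
"""Compute an imphash (import hash) from a list of (dll, function) imports.

Added example for this report, not VirusTotal's or pefile's code.  It follows
the published imphash recipe; the SAMPLE_IMPORTS table is constructed and the
ws2_32/oleaut32 ordinal-to-name lookup that pefile performs is omitted.
"""
import hashlib
from typing import Iterable, List, Tuple, Union

Import = Tuple[str, Union[str, int]]   # (dll name, function name or ordinal)


def normalise_dll(name: str) -> str:
    """KERNEL32.DLL -> kernel32; stripping the extension is part of the recipe."""
    name = name.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def imphash_string(imports: Iterable[Import]) -> str:
    """The canonical string that gets hashed; keep it around to debug mismatches."""
    parts = []
    for dll, func in imports:
        # Ordinal imports become ordN (pefile would first try a name lookup
        # for ws2_32/oleaut32; that table is deliberately not reproduced here).
        func_name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (normalise_dll(dll), func_name))
    return ",".join(parts)


def imphash(imports: Iterable[Import]) -> str:
    """MD5 of the canonical import string, as a 32-character hex digest."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed sample import table (assumption, not taken from the report):
# a few of the function names the report lists, paired with the DLLs those
# names are normally exported from.
SAMPLE_IMPORTS: List[Import] = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "RegSetValueExW"),
    ("ADVAPI32.dll", "LsaQuerySecret"),
    ("KERNEL32.dll", "GetProcAddress"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("MSVCRT.dll", "malloc"),
    ("ntdll.dll", "NtPowerInformation"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because order is part of the input, two binaries with the same imports in a different order get different hashes; that is why imphash clusters builds of one packer or toolchain rather than "anything importing RegSetValueExW". Searching VirusTotal for the report's imphash 49340b04115c18f2f0b4ebb1b7f745a2 is the corresponding pivot.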

VirusTotal metadata
First submission 2017-04-11 15:12:52 UTC ( 6 months, 1 week ago )
Last submission 2017-08-28 12:31:33 UTC ( 1 month, 3 weeks ago )
File names GooglePhotoViewer
d4db1e7d092336a8711dcd3cd0bb4e3ca698306fa058880a692982b596ed.bin
Picasa Viewer
9415d4db1e7d092336a8711dcd3cd0bb4e3ca698306fa058880a692982b596ed.exe
7adc4976c6da3cb214fb044480798a4f38b7208e
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications