gallery.exe

xwidget.com

The executable gallery.exe, “XWidget Gallery”, has been detected as malware by 1 anti-virus scanner. Additionally, the file is typically installed by a number of programs including XWidget Ver1.80 by XWidget Software and XWidget Ver1.84 by XWidget Software. While running, it connects to the Internet address box361.bluehost.com on port 80 using the HTTP protocol.

Publisher:
xwidget.com

Description:
XWidget Gallery

Version:
1.3.0.1030

MD5:
31514cbf38b4b8d526e7600abcfe2d69

SHA-1:
124ff6184caba95446d23c00faa653fa8cca3723

SHA-256:
5dc01b829fb300f9bf570cdf0b286ac0c7663c113c2aaae454187386ff6e9886

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/20/2024 2:26:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
Unnamed.Threat.14

Engine version:
14.2.23.10

File size:
880 KB (901,120 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\xwidget\gallery.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:6FmgMuOQUaNXE11Oyr7BJEcKPjqvXBuEIBQmVlxZORwaHdrVij/M/cq:6FDqZHzEcKy4SGnZORwYKE7

Entry address:
0x2D7250

Entry point:
60, BE, 00, 10, 60, 00, 8D, BE, 00, 00, E0, FF, C7, 87, A0, A0, 23, 00, 40, 12, 90, 5F, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.9107

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
860 KB (880,640 bytes)

The file gallery.exe has been discovered within the following programs.

XWidget Ver1.80 by XWidget Software
Publisher's description - “XWidget is a free desktop customization platform. It’s light, handy with powerful visual widget editor and very smooth animations. More fast startup speed, low resources taken, with smooth animation effects, the perfect user experience.”
www.xwidget.com
About 1% of users remove it

XWidget Ver1.84 by XWidget Software
About 8% of users remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to box361.bluehost.com (69.89.31.161:80)
