» gifanimator.exe
Overview
Analysis
File Details
Programs (1)

gifanimator.exe

Evgeny Gorshkov

The executable gifanimator.exe has been detected as malware by 8 anti-virus scanners. This file is typically installed with the program GIF Animator 4.0 by Creabit.

File name:

gifanimator.exe

Publisher:

Evgeny Gorshkov (signed and verified)

Version:

4.0.0.0

MD5:

f578563399948a725ca2d1e4ef0bbd33

SHA-1:

e519b3f9e91b308e035094998d861d618ff8902b

SHA-256:

e007366628f9c9bdb8f9dda7fb7f4bb4c416f8052dfc6ed433409d935469ce9f

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

5/10/2024 3:20:36 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.11710840

527

Bitdefender

Trojan.Generic.11710840

1.0.20.1195

Emsisoft Anti-Malware

Trojan.Generic.11710840

8.15.08.27.10

F-Secure

Trojan.Generic.11710840

11.2015-27-08_5

G Data

Trojan.Generic.11710840

15.8.24

MicroWorld eScan

Trojan.Generic.11710840

16.0.0.717

nProtect

Trojan.Generic.11710840

14.11.17.01

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.15825

File size:

7.5 MB (7,859,336 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\gif animator\gifanimator.exe

Digital Signature

Signed by:

Evgeny Gorshkov

Authority:

COMODO CA Limited

Valid from:

2/7/2013 2:00:00 AM

Valid to:

2/8/2014 1:59:59 AM

Subject:

CN=Evgeny Gorshkov, O=Evgeny Gorshkov, STREET=Demakova 18-27, L=Novosibirsk, S=Novosibirsk, PostalCode=630128, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D2179B83DB7F2C8F49277493BDB937DD

File PE Metadata

Compilation timestamp:

2/25/2013 9:19:46 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:UZ+a7lHSlP0+a1UJdoqoBFJQlQn024u2ehKUzLZ0Z3QucCI7ovqJFAZ:UZZ7lHSlP0+a1UJdoNBFJQl04u2ehKUi

Entry address:

0x60F5B7

Entry point:

E9, 35, 8B, FD, FF, 5B, 39, FD, BC, 8C, C7, 3D, 93, FF, F6, 3E, 36, F8, 75, 69, 7E, 43, 5D, 3C, 83, EC, 0C, 53, 56, 57, E8, 24, 02, 00, E9, E8, B8, FE, FF, 5B, 0F, 83, 08, 6F, 12, 00, E9, 99, CA, 12, 00, 68, 62, 21, 00, DA, 5F, 23, 3D, F7, 59, 9E, 00, 81, C7, B1, D2, B4, 00, 87, 3C, 24, E9, 09, 28, FB, FF, 81, E0, 86, 4B, 62, D3, 81, F0, B1, 57, 26, C7, 03, C5, 81, C0, CB, E0, 99, 38, 8B, 00, E9, 55, FC, FB, FF, 89, 1C, 24, 5B, 87, 04, 24, 8B, D0, 68, 59, 48, B5, 00, E9, 0C, 27, FF, FF, 81, FB, 27, 14, 27... 
[+]

Packer / compiler:

Xtreme-Protector v1.05

Code size:

5.3 MB (5,538,816 bytes)

The file gifanimator.exe has been discovered within the following program.

GIF Animator 4.0 by Creabit

www.gif-animator.com

About 9% of users remove it

Remove gifanimator.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.