» gifconstructionset3.exe
Overview
Analysis
File Details
Downloads (2)

gifconstructionset3.exe

Alchemy Mindworks

This is a setup program which is used to install the application. The file has been seen being downloaded from data2.softmania.sk and multiple other hosts.

File name:

Publisher:

Alchemy Mindworks (signed and verified)

MD5:

09b84ac24d1f9686e83d6ab2aaabaa94

SHA-1:

5b35d92043c9c101e17c521fd4c8325a117f0337

SHA-256:

b93640788f7da3671661dcf478696d26044584b4c5877dd6a1a72ee95fb6fedb

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 9:35:24 PM UTC (today)

File size:

12.6 MB (13,169,520 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Alchemy Mindworks

Authority:

The USERTRUST Network

Valid from:

8/12/2009 5:00:00 PM

Valid to:

8/13/2011 4:59:59 PM

Subject:

CN=Alchemy Mindworks, O=Alchemy Mindworks, STREET=Box 5200, L=Huntsville, S=Ontario CANADA, PostalCode=P1H 2K6, C=CA

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00AC9C102E3FE0A28A7231267D93BC5AE7

File PE Metadata

Compilation timestamp:

11/16/2012 11:22:32 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:WrnTauKL3nx7q9YGHoY1Tg36tagBSdGNoX2vl:WHaVrx7q9PHoAvudmJ

Entry address:

0x1000

Entry point:

A1, 5A, 70, 43, 00, C1, E0, 02, A3, 5E, 70, 43, 00, 57, 51, 33, C0, BF, 10, 56, 44, 00, B9, 58, 35, 45, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 64, 67, 8B, 16, 04, 00, 89, 15, 6E, 70, 43, 00, 8B, 42, F8, A3, 66, 70, 43, 00, 8B, 42, FC, A3, 6A, 70, 43, 00, 83, EA, 04, 89, 15, 68, 01, 45, 00, 83, EA, 04, 3B, D4, 73, 02, 8B, E2, 6A, 00, E8, 47, D0, 02, 00, 59, 68, 2C, 70, 43, 00, 6A, 00, E8, 39, 4D, 03, 00, A3, 62, 70, 43, 00, 6A, 00, E9, B4, 3B, 03, 00, E9, 0B, D1, 02, 00, 00, 00, 00, 55, 8B, EC, 83... 
[+]

Entropy:

7.9944 (probably packed)

Code size:

213.5 KB (218,624 bytes)

The file gifconstructionset3.exe has been seen being distributed by the following 2 URLs.

http://data2.softmania.sk/downloadFile.php?n=Z2lmLWNvbnN0cnVjdGlvbi1zZXQtcHJvXzMuMGEuMjUuZXhl&s=1st3ucbnff4u0bgfga7ngm4hq3&r=5f2214d26d14e75b3ec82f7dce95eff2

http://softmania.sk/download/animacie/gif-construction-set-pro/5qags601mq3vquoeo6pgi65eo3/.../gif-construction-set-pro_3.0a.25.exe

Scan gifconstructionset3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.