» gifconstructionset3.exe
Overview
Analysis
File Details
Downloads (3)

gifconstructionset3.exe

Alchemy Mindworks

This is a setup program which is used to install the application. The file has been seen being downloaded from gif-construction-set-pro.en.softonic.com and multiple other hosts.

File name:

Publisher:

Alchemy Mindworks (signed and verified)

MD5:

d084bbbc1ec9db743570640cd8d181df

SHA-1:

a19060a3fb98b44c441179eeb8364493fa4a9f84

SHA-256:

fec6f3fd24df339b4206ce56eb42a7ebdfecae4a4f5f60c48a704170625b3eb6

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 6:02:23 PM UTC (today)

File size:

1010.9 KB (1,035,120 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\gifconstructionset3.exe

Digital Signature

Signed by:

Alchemy Mindworks

Authority:

COMODO CA Limited

Valid from:

7/29/2013 2:00:00 AM

Valid to:

7/30/2015 1:59:59 AM

Subject:

CN=Alchemy Mindworks, O=Alchemy Mindworks, STREET=L10 C8 Brunel, L=Huntsville, S=Ontario, PostalCode=P1H2J3, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

56108D00306570779BE0CF4D28830FC7

File PE Metadata

Compilation timestamp:

5/11/2064 7:55:31 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:AtnBEEufHEAhpmZ3w+xFyUso3XPr9tFmBg5Rl0DeZ0Ic5sgsdMr7UZBC9F+LGsuj:DUGrUjG7Uj9fyHkyHWwkw

Entry address:

0x1000

Entry point:

A1, 5A, C0, 47, 00, C1, E0, 02, A3, 5E, C0, 47, 00, 57, 51, 33, C0, BF, 40, 89, 48, 00, B9, C4, DF, 48, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 64, 67, 8B, 16, 04, 00, 89, 15, 6E, C0, 47, 00, 8B, 42, F8, A3, 66, C0, 47, 00, 8B, 42, FC, A3, 6A, C0, 47, 00, 83, EA, 04, 89, 15, DC, AC, 48, 00, 83, EA, 04, 3B, D4, 73, 02, 8B, E2, 6A, 00, E8, 2F, 24, 07, 00, 59, 68, 2C, C0, 47, 00, 6A, 00, E8, 53, A0, 07, 00, A3, 62, C0, 47, 00, 6A, 00, E9, 6C, 90, 07, 00, E9, F3, 24, 07, 00, 00, 00, 00, 55, 8B, EC, 81... 
[+]

Code size:

490.5 KB (502,272 bytes)

The file gifconstructionset3.exe has been seen being distributed by the following 3 URLs.

http://gif-construction-set-pro.en.softonic.com/download-tracker?th=1/.../bEHdIg9xJwt32dPo=

http://gif-construction-set-pro-3.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/.../u7D5Trl3ymPSMqU64Nk9pzFQLHjxub1KQKFF67wUCVTiY4=

ftp://ftp.alchemymindworks.com/pub/.../GIFConstructionSet3.exe

Scan gifconstructionset3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.