home

Guiformat.exe

Guiformat

The executable Guiformat.exe has been detected as malware by 3 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc341.4shared.com.
Product:
Guiformat

Version:
1.01

MD5:
6d506b21a70cc4585db3f9732c82f4b4

SHA-1:
28811fc242c6a8a25f471b33425e7bda188ddbbe

SHA-256:
c6de2d5ad80474ef0675ace8992dd4e56f3d9f2be2ac0d2b846e2c3f9b8d33df

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
5/19/2024 10:38:04 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:SaliCode
160518-2

F-Prot
W32/Sality.gen2
4.6.5.141

Microsoft Security Essentials
Threat.Undefined
1.225.1489.0

File size:
144 KB (147,456 bytes)

Product version:
1.01

Copyright:
Copyright © 2009 Ridgecrop Consultants Ltd

Original file name:
Guiformat.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\guiformat.exe

File PE Metadata
Compilation timestamp:
6/15/2009 2:12:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:jbNe8LrT2ocGoq67qARrAvaMbHvOHDvpCvNZbVSd:jPrTjMqARqaQvWrpGPbM

Entry address:
0x4838

Entry point:
85, F7, EB, 07, 0F, AF, FD, 8B, EE, 04, 47, C7, C5, C0, BB, 9E, 49, 25, 39, BD, 82, 1B, 0F, BF, FE, 86, FC, 81, FB, 47, 26, DD, F7, 85, FB, 4E, 75, 02, 86, F7, E8, 35, 00, 00, 00, 88, D2, 80, C5, 56, C6, C2, 79, FE, C7, 0F, AF, D1, 85, DB, 86, F7, 8D, 1D, 06, 0E, 60, 53, 8D, 0D, 48, 9D, 0C, 9F, 8D, 38, 72, 09, 86, F7, BA, EE, 0C, 7A, CA, 86, E1, 8A, D8, FE, C2, 8D, 37, 85, DA, 0F, AF, C5, 81, FA, 4A, 16, 00, 00, 76, 04, 89, FB, 85, D7, FF, C0, 0F, AF, E8, 88, F1, 4B, 87, D5, 0F, B7, DD, 69, ED, 96, B4, AC...
 
[+]

Code size:
40 KB (40,960 bytes)

The file Guiformat.exe has been seen being distributed by the following URL.

http://dc341.4shared.com/download/.../guiformat.exe

Remove Guiformat.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.