PhotoshopPortable.exe

Adobe Photoshop CS4 Portable

PortableAppZ.blogspot.com

The executable PhotoshopPortable.exe has been detected as malware by 11 anti-virus scanners. This is a setup program which is used to install the application. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from rghost.net.
Publisher:
PortableAppZ.blogspot.com

Product:
Adobe Photoshop CS4 Portable

Version:
1.3.0.1

MD5:
e8ce962a38d2217855ccbaf7f7eeb7fa

SHA-1:
fa43e0a4826568d5a04e150d4e1fa42700006bb8

SHA-256:
3de29ac105a60398116301e5604a2b2c22625e7760177b98b19a69120b5a5c0b

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 1:24:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 5813571 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Sality | 160108-0 |
| AVG | Win32/Sality | 2015.0.4489 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.2188.0 |
| Norman | Win32.Sality.3 | 17.12.2015 06:34:11 |
| VIPRE Antivirus | Threat.4721115 | 46364 |

File size:
126.8 KB (129,833 bytes)

Product version:
1.3.0.1

Copyright:
Bernat

Trademarks:
PörtableAppZ is a trademark of Bernat

Original file name:
PhotoshopPortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\photoshopportable.exe

File PE Metadata
Compilation timestamp:
10/11/2008 5:48:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:VNy3ph0mJjcu/1i6g4OIKS1sdc+E1yrqpSilKLPeKDD9chf:VF2gnwdaqlKLxDBcp

Entry address:
0x3225

Entry point:
12, F9, 25, 6F, 29, F5, A1, 8D, 15, EC, 99, A1, F1, FE, C0, 39, F8, B1, F3, 8A, D5, 05, 60, 01, 9E, 9F, 85, C9, 72, 0F, 81, E0, 66, 68, 0A, 3A, 80, D4, DD, F7, C7, A5, 59, F0, 00, 0F, B7, FB, F7, C3, 32, E0, 6A, 11, 6A, 00, 5D, 81, FE, DE, 9A, 00, 00, 72, 04, 84, F0, 20, C4, 33, E8, 85, FE, 71, 05, 0F, AF, C1, 8A, DD, 89, F7, 8D, 4D, 00, 0F, BE, C6, B0, 59, 8B, C7, 0F, AF, D3, 03, F1, 00, EB, B7, 8F, C6, C7, 97, 0F, B6, F9, F7, C6, 88, BD, 13, A8, 0F, AF, FB, F2, 84, CE, 89, D9, E8, 1E, 00, 00, 00, 85, C6...
 

Entropy:
7.7064 (probably packed)

Code size:
22.5 KB (23,040 bytes)

The file PhotoshopPortable.exe has been seen being distributed by the following URL.
