PidginPortable.exe

Pidgin Portable

PortableApps.com

The executable PidginPortable.exe has been detected as malware by 35 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from protein-shakes.de.

Publisher: PortableApps.com

Product: Pidgin Portable

Version: 1.6.9.0

MD5: fd28b18fcb5a4026389985afd6ee6c6b

SHA-1: 00bdccf67999caceb6368206f5566fc4f4dac033

SHA-256: 1423f55ef804db0e615b7f1076d4c3cb9b13b52ddcd7eae38af660848cb46ca3

Scanner detections: 35 / 68

Status: Malware

Analysis date: 4/25/2024 9:04:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.DL.Wauchos | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Inject | 2013.11.21 |
| Avira AntiVirus | Worm/Gamarue.I.1023 | 7.11.114.200 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-130824 |
| AVG | Downloader.Small | 2014.0.3538 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.131126 |
| Bitdefender | Trojan.GenericKDV.1203907 | 1.0.20.1180 |
| Bkav FE | W32.VRTaskmanLTJ.Trojan | 1.3.0.4562 |
| Clam AntiVirus | Win.Worm.Gamarue-10 | 0.98/18155 |
| Comodo Security | Heur.Suspicious | 17304 |
| Dr.Web | Trojan.Inject2.23 | 9.0.1.0236 |
| Emsisoft Anti-Malware | Trojan.Win32.LockScreen | 8.13.08.24.01 |
| ESET NOD32 | Win32/TrojanDownloader.Wauchos | 7.9072 |
| Fortinet FortiGate | W32/Androm.AOCK!tr | 8/24/2013 |
| F-Prot | W32/Trojan3.FXD | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKDV.1203907 | 11.2013-26-11_3 |
| G Data | Trojan.GenericKDV.1203907 | 13.8.22 |
| IKARUS anti.virus | Trojan.Injector | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.173.10249 |
| Kaspersky | Trojan-Spy.Win32.Zbot | 14.0.0.3768 |
| Malwarebytes | Trojan.Ransom.PA | v2013.08.24.01 |
| McAfee | Generic BackDoor.u | 5600.7176 |
| Microsoft Security Essentials | Worm:Win32/Gamarue.I | 1.163.1557.0 |
| MicroWorld eScan | Trojan.GenericKDV.1203907 | 14.0.0.708 |
| NANO AntiVirus | Trojan.Win32.Zbot.ccvtjv | 0.28.0.56316 |
| Norman | Gamarue.BAA | 11.20130824 |
| Panda Antivirus | Generic Malware | 13.08.24.01 |
| Quick Heal | Worm.Gamarue | 11.13.12.00 |
| Reason Heuristics | Unnamed.Threat.68 | 14.3.1.0 |
| Sophos | Troj/Agent-ADHO | 4.95 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Malagent | 10697 |
| Trend Micro House Call | TROJ_INJECTO.BPY | 7.2.236 |
| Trend Micro | TROJ_INJECTO.BPY | 10.465.24 |
| VIPRE Antivirus | Trojan.Win32.Agent.adgv | 23548 |
| ViRobot | Trojan.Win32.Zbot.87552.C | 2011.4.7.4223 |

File size: 85.5 KB (87,552 bytes)

Product version: 1.6.9.0

Copyright: John T. Haller

Trademarks: PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name: PidginPortable.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

Common path: C:\users\{user}\downloads\pidginportable.exe

File PE Metadata

Compilation timestamp: 8/22/2013 1:33:50 AM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 1536:Hp+vK+/C+DNMVNXpQPshbLJVqpyek+a7nplvO9uU+1yyWUPL:Hp+8C2HhRVgyeAnDvO9uUkyRUj

Entry address: 0x1872

Entry point:
E8, C8, 29, 00, 00, E9, 89, FE, FF, FF, 6A, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 15, 7C, 90, 40, 00, 33, C9, 85, C0, 0F, 95, C1, A3, 6C, CE, 40, 00, 8B, C1, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 10, C0, 40, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 14, C0, 40, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 21, 26, 00, 00, 85, C0, 75, 06, B8, 78, C1, 40, 00, C3, 83, C0, 08, C3, E8, 0E, 26...

Entropy: 6.3075

Code size: 29 KB (29,696 bytes)

The file PidginPortable.exe has been seen being distributed by the following URL.
