PidginPortable.exe

Pidgin Portable

PortableApps.com

The executable PidginPortable.exe has been detected as malware by 21 anti-virus scanners. The file has been observed being downloaded from z21064.ilifirur.ru and multiple other hosts.

Publisher:
PortableApps.com

Product:
Pidgin Portable

Version:
1.6.9.0

MD5:
b34615ae3d27f7a5aa6fce42b090dc7c

SHA-1:
f1b45b22d725f01aae08c4eedd097c4e7aab8463

SHA-256:
bf84383fb75604e4f5d032ae16f7dcb88b7e9109f50913627509a610e51b3e2e

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/25/2024 11:11:38 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Inject | 2013.08.27 |
| Avira AntiVirus | TR/Crypt.Xpack.47911 | 7.11.98.64 |
| avast! | Win32:Injector-BJP [Trj] | 2014.9-131126 |
| AVG | Win32/Cryptor | 2014.0.3538 |
| Bitdefender | Trojan.GenericKD.1207178 | 1.0.20.1650 |
| Comodo Security | UnclassifiedMalware | 16829 |
| Dr.Web | Trojan.Winlock.8811 | 9.0.1.0236 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1207178 | 8.13.11.26.01 |
| ESET NOD32 | Win32/Injector.ALMB (variant) | 7.8731 |
| Fortinet FortiGate | W32/Buzus.NYXJ!tr | 11/26/2013 |
| K7 AntiVirus | Riskware | 13.170.9394 |
| Kaspersky | Trojan.Win32.Buzus | 14.0.0.3768 |
| Malwarebytes | Trojan.Ransom.PA | v2013.08.24.01 |
| McAfee | Artemis!B34615AE3D27 | 5600.7176 |
| Microsoft Security Essentials | Trojan:Win32/Loktrom.B | 1.163.1557.0 |
| MicroWorld eScan | Trojan.GenericKD.1207178 | 14.0.0.990 |
| Panda Antivirus | Suspicious file | 13.08.24.01 |
| Reason Heuristics | Unnamed.Threat.81 | 14.3.1.0 |
| Sophos | Troj/Agent-ADGV | 4.91 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Malagent | 10697 |
| VIPRE Antivirus | Trojan.Win32.Generic | 20910 |

File size:
212 KB (217,088 bytes)

Product version:
1.6.9.0

Copyright:
John T. Haller

Trademarks:
PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name:
PidginPortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pidginportable.exe

File PE Metadata
Compilation timestamp:
8/23/2013 7:23:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:iD4npcA+n75SiUvtOCL5cRRDuXJzDtfP2DKQ/S79EuicUvtOiNAtSt1e:iEpcf1Si4iRDGzBQ/S79EZcl4AMt1

Entry address:
0x1826

Entry point:
E8, BC, 29, 00, 00, E9, 89, FE, FF, FF, B8, 10, C0, 40, 00, C3, A1, 20, EC, 40, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 20, EC, 40, 00, 6A, 04, 50, E8, D2, 1A, 00, 00, 59, 59, A3, 1C, DC, 40, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, 20, EC, 40, 00, E8, B9, 1A, 00, 00, 59, 59, A3, 1C, DC, 40, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 10, C0, 40, 00, EB, 05, A1, 1C, DC, 40, 00, 89, 0C, 02, 83, C1, 20, 83, C2, 04, 81, F9, 90, C2, 40, 00, 7C, EA, 6A...
Entropy:
6.4357

Code size:
29 KB (29,696 bytes)

The file PidginPortable.exe has been seen being distributed by the following 2 URLs.
