save-o-gram.exe

Save-o-gram Instagram Downloader

Genesis Mobile

The executable save-o-gram.exe, “Save-o-gram Instagram Downloader Setup”, has been detected as malware by 39 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been observed being downloaded from www.save-o-gram.com.
Publisher:
Genesis Mobile (signed by Genesis Mobile)

Product:
Save-o-gram Instagram Downloader

Description:
Save-o-gram Instagram Downloader Setup

Version:
3.1.0.0

MD5:
668892b331b2be07aabb19d9fe59a33c

SHA-1:
cf061c4c818c72bb3d507ce09a1ac45bfd6a2bc2

SHA-256:
872e33ba755492ee01d55a3b82649236c0568d93f7ffc8ba560b0f9ad727e9d3

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
4/19/2024 9:24:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Parite.B | 5747018
Agnitum Outpost | Win32.Parite.B | 7.1.1
AhnLab V3 Security | Win32/Parite | 2015.10.20
Avira AntiVirus | W32/Parite | 8.3.2.2
Arcabit | Win32.Parite.B | 1.0.0.582
avast! | Parite | 151019-2
AVG | Win32/Parite | 2015.0.4435
Baidu Antivirus | Virus.Win32.Parite.$b | 4.0.3.151020
Bitdefender | Win32.Parite.B | 1.0.20.1465
Bkav FE | W32.Pinfi.B | 1.3.0.7237
Clam AntiVirus | Heuristics.W32.Parite.B | 0.98/21511
Comodo Security | Virus.Win32.Parite.gen | 23447
Dr.Web | Win32.Parite.2 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Parite | 10.0.0.5366
ESET NOD32 | Win32/Parite.B virus | 7.0.302.0
Fortinet FortiGate | W32/Parite.B | 10/20/2015
F-Prot | W32/Parite.B | 4.6.5.141
F-Secure | Win32.Parite.B | 5.14.151
G Data | Win32.Parite | 15.10.25
IKARUS anti.virus | Virus.Parite | t3scan.1.9.5.0
K7 AntiVirus | Virus | 13.211.17582
Kaspersky | Virus.Win32.Parite | 15.0.0.543
McAfee | Virus.W32/Pate.b | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.207.3491.0
MicroWorld eScan | Win32.Parite.B | 16.0.0.879
NANO AntiVirus | Virus.Win32.Parite.bgvo | 0.30.26.3947
Norman | Win32.Parite.B | 10.10.2015 03:41:45
nProtect | Virus/W32.Parite.C | 15.10.19.01
Panda Antivirus | W32/Parite.B | 15.10.20.12
Quick Heal | W32.Perite.A | 10.15.14.00
Rising Antivirus | PE:Virus.Parite!1.9B80[F1] | 23.00.65.151018
Sophos | Virus 'W32/Parite-B' | 5.15
Total Defense | Win32/Pinfi.A | 37.1.62.1
Trend Micro House Call | PE_PARITE.A | 7.2.293
Trend Micro | PE_PARITE.A | 10.465.20
Vba32 AntiVirus | Virus.Win32.Parite.b | 3.12.26.4
VIPRE Antivirus | Threat.46249 | 43798
ViRobot | Win32.Parite.A[h] | 2014.3.20.0
Zillya! Antivirus | Virus.Parite.Win32.9 | 2.0.0.2457

File size:
3 MB (3,169,752 bytes)

Product version:
3.1.0.0

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\save-o-gram.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
12/18/2014 8:23:28 AM

Valid to:
12/18/2015 8:23:28 AM

Subject:
E=support@save-o-gram.com, CN=Genesis Mobile, OU=Software Development, O=Genesis Mobile, C=HR

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
4923E8D60D28FBD4701651C8338D4B03

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:X9Dp4Npnl/GymHIiyt3EtY1CH8Oz9QDQUiAir70p59dsqZ:tO/GywIixtYYj9QsUyv0pfdsqZ

Entry address:
0x14000

Entry point:
90, 90, B9, 85, 51, 9F, 00, 90, 90, 68, 1E, 40, 41, 00, 5F, 90, 90, BE, 98, 05, 00, 00, 31, 0C, 3E, 90, 4E, 83, EE, 03, 90, 75, F5, 90, 6D, 2C, 9E, 00, 85, 51, 9F, 00, 85, 51, DF, 00, 7D, F4, 9F, 00, 55, F6, B2, 00, 5D, FC, B2, 00, 85, E1, 9D, 00, 7A, AE, 60, FF, 31, 81, DF, 00, E1, 83, DF, 00, F9, 83, DF, 00, 85, 51, 9F, 00, 85, 51, 9F, 00, 85, 51, 9F, 00, 31, F7, 9F, 00, E7, 83, 9F, 00, FF, 83, 9F, 00, 85, 51, 9F, 00, 85, 51, 9F, 00, 85, 51, 9F, 00, 85, 51, 9F, 00, 99, 80, DF, 00, 85, 51, 9F, 00, 85, 51...
 
Entropy:
7.9968 (probably packed)

Code size:
39.5 KB (40,448 bytes)

The file save-o-gram.exe has been seen being distributed by the following URL.
