» Social.exe
Overview
Analysis
File Details
Behaviors (1)

Social.exe

Social

PremiumSoft CyberTech Ltd.

The executable Social.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘SOCIAL_TWITTER’.

File name:

Social.exe

Publisher:

GrandSoft (signed by PremiumSoft CyberTech Ltd.)

Product:

Social

Version:

2.0.9

MD5:

e5560e9914218d08ac08a4916f8661f6

SHA-1:

41ce589d1c87705bb10d0d8a3ea3c7dac9858380

SHA-256:

d082327f75bb7d813c9a05b108c363766f9c763f94630a992e194567728a759e

Scanner detections:

3 / 68

Status:

Malware

Analysis date:

4/23/2024 11:16:56 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Floxif.H virus

6.3.12010.0

F-Prot

W32/Floxif.B

4.6.5.141

F-Secure

Win32.Floxif.A

5.15.154

File size:

1.8 MB (1,885,455 bytes)

Product version:

2.0.9

Original file name:

Social.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\grandsoft\social for twitter\social.exe

Digital Signature

Signed by:

PremiumSoft CyberTech Ltd.

Authority:

GoDaddy.com, Inc.

Valid from:

3/27/2012 11:02:51 AM

Valid to:

3/27/2013 11:02:51 AM

Subject:

CN=PremiumSoft CyberTech Ltd., O=PremiumSoft CyberTech Ltd., L=Kowloon, S=IA, C=HK

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

040346CB82CCA3

File PE Metadata

Compilation timestamp:

9/5/2012 8:29:20 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x897A0

Entry point:

E9, 86, DB, FF, FF, E9, 79, FE, FF, FF, C3, B8, 2D, 4F, 49, 00, A3, C0, C9, 4D, 00, C7, 05, C4, C9, 4D, 00, 14, 46, 49, 00, C7, 05, C8, C9, 4D, 00, C8, 45, 49, 00, C7, 05, CC, C9, 4D, 00, 01, 46, 49, 00, C7, 05, D0, C9, 4D, 00, 6A, 45, 49, 00, A3, D4, C9, 4D, 00, C7, 05, D8, C9, 4D, 00, A5, 4E, 49, 00, C7, 05, DC, C9, 4D, 00, 86, 45, 49, 00, C7, 05, E0, C9, 4D, 00, E8, 44, 49, 00, C7, 05, E4, C9, 4D, 00, 75, 44, 49, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, E8, C0, B7, 00, 00, 83, 7D, 08, 00, A3, 74... 
[+]

Entropy:

6.7882

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

751.5 KB (769,536 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SOCIAL_TWITTER

Command:

"C:\Program Files\grandsoft\social for twitter\social.exe" \tray

Remove Social.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.