Guiformat.exe

Guiformat

The executable Guiformat.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. It is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download. The file has been seen being downloaded from www.ridgecrop.demon.co.uk.
Product:
Guiformat

Version:
1.01

MD5:
b9d0bd5fbfcd1d9e6a576f040bd810e9

SHA-1:
5fb61825e665786536dee0a76eba8bd978673c68

SHA-256:
ce92644de09b9c5c91e36b3947838acff929ce130818d881e9045a5d51fad09a

Scanner detections:
7 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
7/3/2025 5:58:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160518-2 |
| AVG | Win32/Sality | 2015.0.4568 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.2198.0 |
| Norman | Win32.Sality.3 | 19.05.2016 05:17:13 |

File size:
144 KB (147,456 bytes)

Product version:
1.01

Copyright:
Copyright © 2009 Ridgecrop Consultants Ltd

Original file name:
Guiformat.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\guiformat.exe

File PE Metadata
Compilation timestamp:
10/30/2013 11:45:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:/I+bchNOgECUecGoGTrvttvDF6+w4eniJE6L+cgeicdwoE1qu9l:/+hkgX/LDFRwhnim6L+T7oEn9l

Entry address:
0x4AAD

Entry point:
8D, 2D, D6, 0E, FE, 46, 85, F2, 69, FA, 47, 99, 21, CB, 22, FE, 84, E2, 8B, DA, 81, E3, 67, D2, 5F, 44, 68, 61, 3B, 6E, 00, 77, 03, 0F, B6, E8, 31, D2, F3, 1B, C3, E8, 11, 00, 00, 00, 00, DF, 49, 47, FF, CB, 85, EF, 00, C6, 86, FB, 3D, E2, 77, 00, 00, 33, C0, F2, 8D, 1D, B0, B1, 53, 5C, 29, DD, B1, C1, 8D, 35, 56, 5A, 17, 04, 05, 01, 00, 00, 00, 8B, DF, 84, CB, 80, F5, DC, 22, CF, 8D, 15, 76, 49, B9, 0F, 80, ED, EA, 3D, EB, 01, 00, 00, 0F, 8C, CD, FF, FF, FF, 58, 80, EE, 1E, 68, 28, 2B, DA, 00, 85, C1, 74...
 

Code size:
40 KB (40,960 bytes)

The file Guiformat.exe has been seen being distributed by the following URL.
