Antivirus scan for 971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710 at 2015-10-06 22:15:37 UTC

Antivirus	Resultat	Opdatere
Ad-Aware		20151006
AegisLab		20151006
Yandex		20151004
AhnLab-V3		20151006
Alibaba		20150927
ALYac		20151006
Antiy-AVL		20151006
Arcabit		20151006
Avast		20151006
AVG		20151006
Avira (no cloud)		20151006
AVware		20151006
Baidu-International		20151006
BitDefender		20151006
Bkav		20151006
ByteHero		20151006
CAT-QuickHeal		20151006
ClamAV		20151006
CMC		20151005
Comodo		20151006
Cyren		20151006
DrWeb		20151006
Emsisoft		20151006
ESET-NOD32		20151006
F-Prot		20151006
F-Secure		20151006
Fortinet		20151006
GData		20151006
Ikarus		20151006
Jiangmin		20151005
K7AntiVirus		20151006
K7GW		20151006
Kaspersky		20151006
Kingsoft		20151006
Malwarebytes		20151006
McAfee		20151006
McAfee-GW-Edition		20151006
Microsoft		20151006
eScan		20151006
NANO-Antivirus		20151006
nProtect		20151006
Panda		20151006
Qihoo-360		20151006
Rising		20151006
Sophos AV		20151006
SUPERAntiSpyware		20151006
Symantec		20151006
Tencent		20151006
TheHacker		20151006
TrendMicro		20151006
TrendMicro-HouseCall		20151006
VBA32		20151006
VIPRE		20151006
ViRobot		20151006
Zillya		20151006
Zoner		20151006

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

Product DeployMaster

Internal name Setup

File version 1.2.0.1

Description SilentSwitchFinder

Comments This installation package is built with Just Great Software DeployMaster. Please visit http://www.DeployMaster.com for more information.

Packers identified

PEiD BobSoft Mini Delphi -> BoB / BobSoft

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 2013-08-08 05:25:01

Entry Point 0x000080BC

Number of sections 8

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

.text 4096 27112 27136 6.60 1898016cc4ff9a7d199f8e6899381833

.itext 32768 216 512 2.87 6f0708f5910cc5381405d75f3abbb66e

.data 36864 1960 2048 1.19 1c595c7532ddb6a8ffc8aec953855f05

.bss 40960 11340 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.idata 53248 1756 2048 3.98 cd5c707552821dc9efd581b556b76b1a

.tls 57344 8 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.rdata 61440 24 512 0.20 0edb375c227b5d6c6bc9a5edd0baf4c6

.rsrc 65536 15872 15872 4.23 fc17487a1816ff2fe8c4087bc5eaa710

Overlays

MD5 6ec10e3f12ee4d159f69520f993cdccd

File type data

Offset 49152

Size 5059888

Entropy 8.00

PE imports

Number of PE resources by type

RT_ICON 5

RT_RCDATA 2

RT_GROUP_ICON 1

RT_VERSION 1

RT_MANIFEST 1

Number of PE resources by language

ENGLISH US 8

NEUTRAL 2

PE resources

055d23f7fee66ebfb832ec8b28ed5216c4902c22e0cab56da5a69b78eef8ceae data

1673b843b3125503e3607a87b063b4934ef418cce4d22695c9fe3f2541305df1 data

88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610 data

8abe355703c7af49de6a5d070a1dad2f1219124ab6f52206793a9db9469f863a data

99e50040c57b984c165626057cb689cf9345df2108ec8a2347027ce9287f95f6 data

a8c1ca3e0fef25babd1a9bf0fa7938281174bbedd8298302780940ebfbd5a099 data

ad8b411d10df05bca6856cf02c9520e9d99cbf47794e3db6921ecef71cb7fa67 data

c66736605b425582574a821a5d6d1e8d1290c1d632d0f6d955a7775a04400678 ASCII text

d41f9ab09083501b7c47e943a7d86d3716f52bbef0fd491d7863975ab583db48 data

e5d8f4331a3977d1d6b988c8da7f63f53669673c3ec2f75052d269dcfda31d81 data

ExifTool file metadata

SubsystemVersion

4.0

Comments

This installation package is built with Just Great Software DeployMaster. Please visit http://www.DeployMaster.com for more information.

LinkerVersion

2.25

ImageVersion

0.0

FileSubtype

FileVersionNumber

1.2.0.1

LanguageCode

English (U.S.)

FileFlagsMask

0x003f

FileDescription

SilentSwitchFinder

ImageFileCharacteristics

No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet

Windows, Latin1

InitializedDataSize

20480

EntryPoint

0x80bc

MIMEType

application/octet-stream

LegalCopyright

2007-2014 J.Malmgren - www.tryware.d

FileVersion

1.2.0.1

TimeStamp

2013:08:08 07:25:01+02:00

FileType

Win32 EXE

PEType

PE32

InternalName

Setup

ProductVersion

1.2.0

UninitializedDataSize

OSVersion

4.0

FileOS

Win32

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

CompanyName

TrywareDk

CodeSize

27648

ProductName

DeployMaster

ProductVersionNumber

1.2.0.1

FileTypeExtension

exe

ObjectFileType

Executable application

File identification

MD5 5d494309f63ff7f32096311b38696c2d

SHA1 dd44d6585eba864d85c11dfba4ee9d1254ded50e

SHA256 971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710

ssdeep

98304:pXL8zhob26ZiTpIK4wwJR2EeGmW1fSr7WkztRp9cESHmgu32RR0:qtob2tpIKVwPe/SESGJ3yC

authentihash 7a72320226275fa1daca1a93eb893e9bdfb3427491b18fcf27f4d40382ad57b4

imphash a8a131e17abf50f28b49a7b35aff709f

File size 4.9 MB ( 5109040 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Windows screen saver (40.5%) Win32 Dynamic Link Library (generic) (20.3%) Win32 Executable (generic) (13.9%) Win16/32 Executable Delphi generic (6.4%) OS/2 Executable (generic) (6.2%)

VirusTotal metadata

First submission 2015-10-06 22:15:37 UTC ( 3 år, 6 månederiden )

Last submission 2018-09-21 03:35:42 UTC ( 7 månederiden )

Filnavne

Setup
971C9559F267ECD9C921A12E1AE9135035BF6D6ABCBF146164136120B49F7710
SilentSwitchFinder-x86.exe

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Opened files

C:\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710 (successful)

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710 (successful)

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\SilentSwitchFinder-Readme.txt (successful)

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\EULA-Copyright.txt (successful)

Read files

C:\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710 (successful)

Written files

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710 (successful)

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\SilentSwitchFinder-Readme.txt (successful)

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\EULA-Copyright.txt (successful)

Deleted files

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710 (failed)

Created processes

C:\DOCUME~1\<USER>~1\LOCALS~1\Temp\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710" "C:\971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710"" (successful)

Runtime DLLs

advapi32.dll (successful)

c:\windows\system32\imm32.dll (successful)

imm32.dll (successful)

ole32.dll (successful)

oleaut32.dll (successful)

uxtheme.dll (successful)

rpcrt4.dll (successful)

SHA256:	971c9559f267ecd9c921a12e1ae9135035bf6d6abcbf146164136120b49f7710
Filnavn:	SilentSwitchFinder-x86.exe
Opdagelses forhold:	0 / 56
Undersøgelses dato:	2015-10-06 22:15:37 UTC ( 3 år, 6 månederiden ) Se seneste

Ciphered bundle

FileVersionInfo properties

Packers identified

PE header basic information

PE sections

Overlays

PE imports

Number of PE resources by type

Number of PE resources by language

PE resources

ExifTool file metadata

File identification

VirusTotal metadata

Efterlad din kommentar...

Opened files

Read files

Written files

Deleted files

Created processes

Runtime DLLs

Genopret dit kodeord

Tilmed dig VirusTotal fælleskabet

Log ind