SHA256: b4fb32bfaf7af54e6eabe9f7c3bc2ab95196f3bc8e64cb52266e492fad1b81d5
File name: winram.exe
Detection ratio: 1 / 55
Analysis date: 2015-08-09 01:51:39 UTC (2 years ago)
Antivirus Result Update
ViRobot Trojan.Win32.A.Downloader.299854[h] 20150809
Ad-Aware 20150809
AegisLab 20150808
Yandex 20150808
AhnLab-V3 20150808
Alibaba 20150803
ALYac 20150809
Antiy-AVL 20150808
Arcabit 20150809
Avast 20150809
AVG 20150808
Avira (no cloud) 20150808
AVware 20150808
Baidu-International 20150808
BitDefender 20150809
Bkav 20150807
ByteHero 20150809
CAT-QuickHeal 20150808
ClamAV 20150808
Comodo 20150809
Cyren 20150809
DrWeb 20150809
Emsisoft 20150809
ESET-NOD32 20150808
F-Prot 20150809
F-Secure 20150807
Fortinet 20150809
GData 20150809
Ikarus 20150808
Jiangmin 20150807
K7AntiVirus 20150808
K7GW 20150808
Kaspersky 20150809
Kingsoft 20150809
Malwarebytes 20150808
McAfee 20150809
McAfee-GW-Edition 20150809
Microsoft 20150809
eScan 20150809
NANO-Antivirus 20150809
nProtect 20150807
Panda 20150808
Qihoo-360 20150809
Rising 20150807
Sophos AV 20150808
SUPERAntiSpyware 20150808
Symantec 20150809
Tencent 20150809
TheHacker 20150807
TrendMicro 20150809
TrendMicro-HouseCall 20150809
VBA32 20150807
VIPRE 20150809
Zillya 20150808
Zoner 20150809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Ldc

File version 1.0
Description WinRAM 1.0 Installation
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000171A4
Number of sections 8
PE sections
Overlays
MD5 d4487fe73d279625e6ceee5f9347a7fc
File type data
Offset 118784
Size 181070
Entropy 7.97
PE imports
GetTokenInformation
LookupPrivilegeValueA
RegCloseKey
AdjustTokenPrivileges
OpenProcessToken
GetUserNameA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
EqualSid
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
FDIDestroy
FDICreate
FDICopy
ImageList_SetBkColor
ImageList_Draw
ImageList_Create
InitCommonControls
SetDIBits
AddFontResourceA
OffsetRgn
SaveDC
CreateFontIndirectA
CombineRgn
SetStretchBltMode
GetPixel
GetObjectA
ExcludeClipRect
DeleteDC
RestoreDC
SetBkMode
SetPixel
CreateSolidBrush
IntersectClipRect
BitBlt
CreateDIBSection
SetTextColor
MoveToEx
GetStockObject
CreateBrushIndirect
GetDIBits
ExtSelectClipRgn
SetBrushOrgEx
CreateCompatibleDC
StretchBlt
StretchDIBits
SetROP2
CreateRectRgn
SelectObject
GetTextExtentPoint32A
CreateCompatibleBitmap
SetWindowOrgEx
SetBkColor
DeleteObject
SetRectRgn
GetLastError
CloseHandle
HeapFree
DosDateTimeToFileTime
GetUserDefaultLangID
FileTimeToSystemTime
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
HeapAlloc
CreateDirectoryA
GetVersionExA
RemoveDirectoryA
GetFileSize
RtlUnwind
LoadLibraryA
WinExec
GetDiskFreeSpaceA
GetDateFormatA
FileTimeToLocalFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
LocalAlloc
OpenProcess
SetFileTime
ExpandEnvironmentStringsA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
GetShortPathNameA
GetCommandLineA
GetProcAddress
GetProcessHeap
OpenMutexA
GetFullPathNameA
GetFileTime
SetFilePointer
GetTempPathA
RaiseException
CreateMutexA
GetModuleHandleA
ReadFile
DeleteFileA
WriteFile
GetCurrentProcess
FindFirstFileA
GetTimeFormatA
GetComputerNameA
FindNextFileA
GetSystemDirectoryA
HeapReAlloc
GetVersion
SetFileAttributesA
GetExitCodeProcess
TerminateProcess
GetModuleFileNameA
GlobalAlloc
LocalFileTimeToFileTime
FindClose
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
GetCurrentThread
SetCurrentDirectoryA
CompareStringA
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize
OleInitialize
SysReAllocStringLen
SysFreeString
SysAllocStringLen
SHGetFileInfoA
ShellExecuteExA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
EnableWindow
GetWindowRgn
SetPropA
BeginPaint
OffsetRect
GetCapture
CheckRadioButton
KillTimer
RemovePropA
PostQuitMessage
DefWindowProcA
ShowWindow
GetPropA
SetWindowPos
FindWindowA
GetSystemMetrics
EnableMenuItem
IsWindow
GetWindowRect
DispatchMessageA
ScreenToClient
PostMessageA
DrawIcon
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetWindow
GetSysColor
GetDC
GetKeyState
GetCursorPos
ReleaseDC
WaitMessage
GetClassInfoA
DestroyIcon
CreateWindowExA
DeleteMenu
SetParent
CopyImage
IsWindowVisible
IsZoomed
EnumWindows
SendMessageA
GetWindowTextA
GetClientRect
GetDCEx
CharLowerBuffA
IsIconic
RegisterClassA
GetClassLongA
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
DrawTextA
ClientToScreen
FillRect
GetUpdateRgn
ValidateRect
CallWindowProcA
GetSystemMenu
GetFocus
EndPaint
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
timeKillEvent
timeSetEvent
Number of PE resources by type
RT_ICON 3
RT_RCDATA 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
RUSSIAN 2
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
26624

EntryPoint
0x171a4

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
WinRAM 1.0 Installation

OSVersion
4.0

FileOS
Win32

LegalCopyright
Ldc

MachineType
Intel 386 or later, and compatibles

CompanyName
Ldc

CodeSize
91136

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Overlay parents
Compressed bundles
File identification
MD5 5ff4d2366e3325fa8a5655003e3efaa4
SHA1 3dfa74c8a3b10ce7d50f96b3b9ca4be9bccd4ff9
SHA256 b4fb32bfaf7af54e6eabe9f7c3bc2ab95196f3bc8e64cb52266e492fad1b81d5
ssdeep
6144:mYFvAFCvMRuBdiTibba12VG4TvLPCL5n5mX1AR:fJqMi+naAx7LPCbmlc

authentihash 28f1bd4cf9afd4c172de8b175b49be84df40c1c8971613e42fe14148a401faf4
imphash 09d23b7bcc87b93123c8dc3309eddfc5
File size 292.8 KB ( 299854 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Delphi generic (31.9%)
Windows screen saver (29.4%)
Win32 Dynamic Link Library (generic) (14.8%)
Win32 Executable (generic) (10.1%)
Win16/32 Executable Delphi generic (4.6%)
Tags
bobsoft overlay peexe software-collection

VirusTotal metadata
First submission 2008-11-27 12:51:34 UTC (8 years, 8 months ago)
Last submission 2017-04-14 01:14:57 UTC (4 months ago)
File names winram.exe
smona130756653226227350667
4cd8f90928840bf98a085a4e285f1e51c4c2ddaebefa7140249ffc212bcb8592e783ca9c5f8446f46b9e6639bc81f36545d30d042ec36829cba91fdfc061de9d
5ff4d2366e3325fa8a5655003e3efaa4
get.php
winram-2.0.0.exe
WinRAM 2.0.exe
output.12934590.txt
winram_10.exe
vti-rescan
WinRAM-Setup.exe
winramboosterpro200.exe
WinRAM 2.exe
winram.exe
freewinram.exe
WinRAM v1.0.exe
file-2971469_exe
file
winram.exe
12934590
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight