SHA256: e9a71e02776f50a4eb345bb2e02dd656cd59d6b5dd1ec071d5aaeaa7e10ac1ca
File name: Audomate-4.9.331.exe
Detection ratio: 0 / 49
Analysis date: 2014-03-19 10:46:10 UTC (4 years, 9 months ago)
Antivirus Result Update
Ad-Aware 20140319
AegisLab 20140319
Yandex 20140318
AhnLab-V3 20140318
AntiVir 20140319
Antiy-AVL 20140319
Avast 20140319
AVG 20140317
Baidu-International 20140319
BitDefender 20140319
Bkav 20140318
ByteHero 20140319
CAT-QuickHeal 20140319
ClamAV 20140319
CMC 20140319
Commtouch 20140319
Comodo 20140319
DrWeb 20140319
Emsisoft 20140319
ESET-NOD32 20140319
F-Prot 20140319
F-Secure 20140319
Fortinet 20140319
GData 20140319
Ikarus 20140319
Jiangmin 20140319
K7AntiVirus 20140318
K7GW 20140318
Kaspersky 20140319
Kingsoft 20140319
Malwarebytes 20140319
McAfee 20140319
McAfee-GW-Edition 20140319
Microsoft 20140319
eScan 20140319
NANO-Antivirus 20140319
Norman 20140319
nProtect 20140318
Panda 20140318
Qihoo-360 20140319
Rising 20140319
Sophos AV 20140319
SUPERAntiSpyware 20140319
Symantec 20140319
TheHacker 20140314
TotalDefense 20140319
TrendMicro 20140319
TrendMicro-HouseCall 20140319
VBA32 20140319
VIPRE 20140319
ViRobot 20140319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Dieter Pohl
Publisher Dieter Pohl
File version 4.9.331
Description Audomate MP3 DJ Datenbank
Signature verification Signed file, verified signature
Signing date 11:11 AM 3/19/2014
Signers
[+] Dieter Pohl
Status Valid
Issuer None
Valid from 8:02 AM 2/26/2014
Valid to 7:47 AM 2/27/2016
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.21, Lifetime Signing
Algorithm SHA1
Thumbprint E9E19E55AB59F598963C025E634DD03170AFFD52
Serial number 0D 43
[+] StartCom Class 2 Primary Intermediate Object CA
Status Valid
Issuer None
Valid from 11:01 PM 10/24/2007
Valid to 11:01 PM 10/24/2017
Valid usage All
Algorithm SHA1
Thumbprint D893C4F678F891F2823CD078AA5E1C48FD1DA225
Serial number 24
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Counter signers
[+] StartCom Time-Stamping Authority
Status Valid
Issuer None
Valid from 1:00 AM 1/31/2011
Valid to 12:59 AM 2/1/2021
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 962FDDD76C6145ADAFA5E9AD98E3020D0821DD81
Serial number 40
[+] StartCom Certification Authority
Status Valid
Issuer None
Valid from 8:46 PM 9/17/2006
Valid to 8:46 PM 9/17/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm SHA1
Thumbprint 3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Serial number 01
Packers identified
PEiD Wise Installer Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-04-08 20:24:47
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
GetTempPathA
CreateProcessA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
DeleteFileA
WriteFile
CloseHandle
GetTempFileNameA
CreateFileMappingA
CreateFileA
GetCommandLineA
GetModuleFileNameA
GetShortPathNameA
wsprintfA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
14004224

ImageVersion
0.0

FileVersionNumber
4.9.331.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

LinkerVersion
6.0

CharacterSet
Windows, Latin1

MIMEType
application/octet-stream

FileVersion
4.9.331

TimeStamp
1999:04:08 21:24:47+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:04:14 00:38:54+01:00

SubsystemVersion
4.0

OSVersion
4.0

FileCreateDate
2014:04:14 00:38:54+01:00

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
diepol.de

CodeSize
512

FileSubtype
0

ProductVersionNumber
4.9.331.0

EntryPoint
0x1000

ObjectFileType
Executable application

File identification
MD5 4bbd5cdcec3b38e8d0083a926b0e4cc7
SHA1 f9ef60a451424e5d2df84a210bb1d6e308a0d048
SHA256 e9a71e02776f50a4eb345bb2e02dd656cd59d6b5dd1ec071d5aaeaa7e10ac1ca
ssdeep
196608:KGsqRchxnSN1EU901YPE8l5893jr//c5uzeMrolmcmuukYgmvwSnC8tHKinv1CG3:bDShxI1tZ5893Hc5uRofmV3lomC4KYsa

imphash 81638d02019c0bfcaaf23a9c69f2f12c
File size 13.4 MB ( 14012088 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (94.4%)
Win32 Executable MS Visual C++ (generic) (3.7%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags
peexe wise signed

VirusTotal metadata
First submission 2014-03-19 10:46:10 UTC (4 years, 9 months ago)
Last submission 2014-03-19 10:46:10 UTC (4 years, 9 months ago)
File names Audomate-4.9.331.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Runtime DLLs