SHA256: c1402d0f47dc8a6effbdcdceced1296770730ad4fc17cb37d6d9650d3e2b1a52
File name: 2407WFP-HC.EX
Detection ratio: 6 / 46
Analysis date: 2013-04-29 12:36:39 UTC ( 11 months, 4 weeks ago )
Antivirus Result Update
Avast Win32:Sality 20130429
GData Win32:Sality 20130429
Ikarus Virus.Win32.Sality 20130429
NANO-Antivirus Virus.Win32.Sality.bgiylc 20130429
Panda Suspicious file 20130429
TrendMicro-HouseCall TROJ_GEN.F47V0410 20130429
AVG 20130429
Agnitum 20130427
AhnLab-V3 20130428
AntiVir 20130429
Antiy-AVL 20130429
BitDefender 20130429
ByteHero 20130425
CAT-QuickHeal 20130429
ClamAV 20130429
Commtouch 20130429
Comodo 20130429
DrWeb 20130429
ESET-NOD32 20130429
Emsisoft 20130429
F-Prot 20130429
F-Secure 20130429
Fortinet 20130429
Jiangmin 20130429
K7AntiVirus 20130426
K7GW 20130426
Kaspersky 20130429
Kingsoft 20130422
Malwarebytes 20130429
McAfee 20130429
McAfee-GW-Edition 20130429
MicroWorld-eScan 20130429
Microsoft 20130429
Norman 20130429
PCTools 20130429
SUPERAntiSpyware 20130429
Sophos 20130429
Symantec 20130429
TheHacker 20130426
TotalDefense 20130429
TrendMicro 20130429
VBA32 20130429
VIPRE 20130429
ViRobot 20130429
eSafe 20130423
nProtect 20130429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
File version 1.3.2.6557
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-11-07 16:28:41
Link date 5:28 PM 11/7/2006
Entry Point 0x0000F152
Number of sections 5
PE sections
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
LineTo
DeleteDC
EnumFontFamiliesA
SetBkMode
SelectObject
GetTextExtentPoint32A
MoveToEx
CreatePen
GetStockObject
TextOutA
CreateFontIndirectA
GetTextMetricsA
CreateSolidBrush
BitBlt
SetBkColor
CreateCompatibleDC
DeleteObject
SetTextColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
lstrcatA
_llseek
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
GetEnvironmentVariableA
FindClose
InterlockedDecrement
SetLastError
GetSystemTime
InitializeCriticalSection
CopyFileA
ExitProcess
GetVersionExA
RemoveDirectoryA
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
_lclose
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
LocalFileTimeToFileTime
GetCurrentThreadId
LeaveCriticalSection
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GetFullPathNameA
GetProcAddress
_lread
CompareStringW
FindFirstFileA
lstrcpyA
CompareStringA
FindNextFileA
GetTimeZoneInformation
GetFileType
SetVolumeLabelA
TlsSetValue
CreateFileA
HeapAlloc
InterlockedIncrement
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
LCMapStringA
GetEnvironmentStringsW
GetModuleFileNameA
WinExec
OpenFile
_lwrite
GetEnvironmentStrings
CompareFileTime
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
SetFilePointer
ReadFile
CloseHandle
GetACP
GetVersion
FileTimeToLocalFileTime
CreateProcessA
HeapCreate
VirtualFree
Sleep
VirtualAlloc
WNetGetConnectionA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
FindExecutableA
SetFocus
GetMessageA
GetParent
UpdateWindow
BeginPaint
EnumWindows
KillTimer
PostQuitMessage
DefWindowProcA
ShowWindow
MessageBeep
LoadBitmapA
SetWindowPos
EndPaint
SetWindowWord
DdeDisconnect
DdeCreateStringHandleA
DdeUninitialize
GetWindowRect
DispatchMessageA
EnableWindow
UnregisterClassA
PostMessageA
MoveWindow
ScreenToClient
MessageBoxA
PeekMessageA
SetWindowLongA
AdjustWindowRectEx
TranslateMessage
FrameRect
GetSysColor
SetActiveWindow
GetDC
DestroyCursor
ReleaseDC
DdeInitializeA
GetDlgCtrlID
GetClassInfoA
DestroyIcon
wsprintfA
SendMessageA
GetDesktopWindow
GetClientRect
SetTimer
DdeGetLastError
GetWindowLongA
LoadIconA
DdeClientTransaction
EnableMenuItem
RegisterClassA
InvalidateRect
DrawFocusRect
CreateWindowExA
LoadCursorA
OemToCharA
SetWindowTextA
DdeFreeStringHandle
GetWindowWord
DdeCreateDataHandle
CallWindowProcA
DdeConnect
FillRect
GetWindowTextA
GetDlgItem
DestroyWindow
IsDialogMessageA
SetCursor
CoTaskMemFree
Number of PE resources by type
RT_BITMAP 13
RT_ICON 6
RT_GROUP_ICON 6
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
FRENCH CANADIAN 1
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 1.3.2.6557
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 36864
MIMEType application/octet-stream
FileVersion 1.3.2.6557
TimeStamp 2006:11:07 17:28:41+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:12:16 19:37:50+01:00
SubsystemVersion 4.0
OSVersion 4.0
FileCreateDate 2013:12:16 19:37:50+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 81920
FileSubtype 0
ProductVersionNumber 1.3.2.6557
EntryPoint 0xf152
ObjectFileType Executable application

File identification
MD5 a6105ff64b5e0b92e853044da75f48e3
SHA1 f2155e804909c37ad9814dfbc585a2d07bdd6d09
SHA256 c1402d0f47dc8a6effbdcdceced1296770730ad4fc17cb37d6d9650d3e2b1a52
ssdeep 6144:/dzd2DWwWtf3XDHEuaipkopaoerDLPFF:FBiWw8H1pkOP23
File size 246.8 KB ( 252760 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe armadillo

VirusTotal metadata
First submission 2013-04-10 07:55:15 UTC ( 1 year ago )
Last submission 2013-10-18 04:35:49 UTC ( 6 months, 1 week ago )
File names 2407wfp-hc.exe
2407WFP-HC.EXE
2407WFP-HC.EX
wfp-hc.exe
2407WFP-HC.EXE.dat
vti-rescan
bf684958d17ebb5e6be4c93c09c9a725e2d2d99e
2407WFP-HC.EXE
2407WFP-HC.exe
a6105ff64b5e0b92e853044da75f48e3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files