SHA256: 00197ab19e6bf342dfb9984e4aeab0bc02b022257e634679ec91212a76dd72da
File name: Pically_1.0.1.exe
Detection ratio: 0 / 45
Analysis date: 2013-10-30 14:36:44 UTC ( 5 months, 3 weeks ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20131030
Agnitum 20131029
AhnLab-V3 20131030
AntiVir 20131030
Antiy-AVL 20131030
Avast 20131030
Baidu-International 20131030
BitDefender 20131030
Bkav 20131030
ByteHero 20131028
CAT-QuickHeal 20131030
ClamAV 20131029
Commtouch 20131030
Comodo 20131030
DrWeb 20131030
ESET-NOD32 20131030
Emsisoft 20131030
F-Prot 20131030
F-Secure 20131030
Fortinet 20131030
GData 20131030
Ikarus 20131030
Jiangmin 20131030
K7AntiVirus 20131029
K7GW 20131029
Kaspersky 20131030
Kingsoft 20130829
Malwarebytes 20131030
McAfee 20131030
McAfee-GW-Edition 20131030
MicroWorld-eScan 20131028
Microsoft 20131030
NANO-Antivirus 20131030
Norman 20131030
Panda 20131030
Rising 20131029
SUPERAntiSpyware 20131030
Sophos 20131030
Symantec 20131030
TheHacker 20131029
TotalDefense 20131029
TrendMicro 20131030
VBA32 20131030
VIPRE 20131030
ViRobot 20131030
nProtect 20131030
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, appended
PEiD Video-Lan-Client -> (UnknownCompiler)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-05-20 21:09:01
Link date 10:09 PM 5/20/2007
Entry Point 0x00001240
Number of sections 7
PE sections
PE imports
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumKeyA
GetLastError
FindClose
ReadFile
GetStartupInfoA
GetFileAttributesA
SetConsoleMode
WaitForSingleObject
FreeLibrary
ExitProcess
CallNamedPipeA
GetModuleFileNameA
CreateNamedPipeA
LoadLibraryA
GetExitCodeProcess
GetStdHandle
DisconnectNamedPipe
GetAtomNameA
GetVolumeInformationA
SizeofResource
GetCurrentProcessId
AddAtomA
AllocConsole
DeleteFileA
GetCurrentDirectoryA
GetCommandLineA
GetProcAddress
CreateMutexA
GetTempPathA
TlsFree
GetModuleHandleA
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetComputerNameA
FindNextFileA
GetDiskFreeSpaceA
MoveFileExA
ReadConsoleA
GetDriveTypeA
GetDiskFreeSpaceExA
ConnectNamedPipe
CreateProcessA
WriteConsoleA
GetEnvironmentVariableA
LoadResource
TlsAlloc
FindAtomA
TlsGetValue
Sleep
ReleaseMutex
TlsSetValue
CreateFileA
GetVersion
FindResourceA
SetCurrentDirectoryA
SetLastError
InterlockedIncrement
ShellExecuteA
GetWindowThreadProcessId
GetWindowLongA
EnumWindows
MessageBoxA
SetForegroundWindow
ExitWindowsEx
__p__fmode
malloc
getc
strtoul
__p__environ
_endthread
realloc
fread
fclose
strcat
atexit
abort
_setmode
_assert
printf
fflush
fopen
strlen
strncpy
_cexit
strtol
_fdopen
puts
_errno
strtod
fwrite
_beginthread
fseek
_onexit
strftime
ftell
_strdup
sprintf
_fileno
_ctype
exit
strxfrm
strchr
memset
_isctype
_pctype
free
getenv
setlocale
_isatty
atoi
__getmainargs
_write
strcoll
memcpy
_vsnprintf
memmove
localeconv
strcmp
strcpy
setvbuf
__mb_cur_max
ungetc
fprintf
__set_app_type
signal
memchr
_iob
PE exports
Number of PE resources by type
JAVA 3
RT_ICON 2
RT_GROUP_ICON 2
Number of PE resources by language
ENGLISH US 7
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:05:20 22:09:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 411172
LinkerVersion 2.56
EntryPoint 0x1240
InitializedDataSize 449024
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 18944

File identification
MD5 2041326f36688f13810e2dcd8400ba11
SHA1 e198994a98cc040b946099c3c3670ce4538a5a8f
SHA256 00197ab19e6bf342dfb9984e4aeab0bc02b022257e634679ec91212a76dd72da
ssdeep 98304:uhINNictk6Sd29yOsK85wBW0FjtSLlHJAbkIEQqiIgp8S3cUV6s:tNQchSd6yOsK4GFjILlD6qBgONUV

imphash 393ae1647aee6373b1ed90950be4b4bb
File size 4.9 MB ( 5092864 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386

TrID InstallShield setup (36.7%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe

VirusTotal metadata
First submission 2012-02-12 12:39:45 UTC ( 2 years, 2 months ago )
Last submission 2013-12-06 04:14:42 UTC ( 4 months, 2 weeks ago )
File names output.16176291.txt
Pically_1.0.1.exe
index.php
285639-Pically-1_0_1.exe
file-4029789_exe
16176291
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
