SHA256: 029160e1079d04b2699b98e6676de15772036d8e0854c95845344ac64fc7e4be
File name: maas100.exe
Detection ratio: 0 / 57
Analysis date: 2016-03-23 07:28:07 UTC (2 years, 11 months ago)
Antivirus Result Update
Ad-Aware 20160323
AegisLab 20160323
Yandex 20160316
AhnLab-V3 20160323
Alibaba 20160323
ALYac 20160323
Antiy-AVL 20160323
Arcabit 20160323
Avast 20160323
AVG 20160322
Avira (no cloud) 20160323
AVware 20160323
Baidu 20160322
Baidu-International 20160322
BitDefender 20160323
Bkav 20160322
ByteHero 20160323
CAT-QuickHeal 20160323
ClamAV 20160319
CMC 20160322
Comodo 20160323
Cyren 20160323
DrWeb 20160323
Emsisoft 20160323
ESET-NOD32 20160323
F-Prot 20160323
F-Secure 20160323
Fortinet 20160323
GData 20160323
Ikarus 20160323
Jiangmin 20160323
K7AntiVirus 20160323
K7GW 20160323
Kaspersky 20160323
Malwarebytes 20160323
McAfee 20160323
McAfee-GW-Edition 20160323
Microsoft 20160323
eScan 20160323
NANO-Antivirus 20160323
nProtect 20160322
Panda 20160322
Qihoo-360 20160323
Rising 20160323
Sophos AV 20160323
SUPERAntiSpyware 20160323
Symantec 20160323
Tencent 20160323
TheHacker 20160321
TotalDefense 20160323
TrendMicro 20160323
TrendMicro-HouseCall 20160323
VBA32 20160322
VIPRE 20160323
ViRobot 20160323
Zillya 20160322
Zoner 20160323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Inno Setup Module v1.09a
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000B0A4
Number of sections 8
PE sections
Overlays
MD5 a81add6128c5c6d802607d7643f76626
File type data
Offset 58368
Size 814878
Entropy 8.00
PE imports
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
LoadStringA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 22:22:17+00:00
FileType Win32 EXE
PEType PE32
CodeSize 42496
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xb0a4
InitializedDataSize 14848
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 39c981890568b50bb5d3a6a9bbda00d8
SHA1 63bc5431a6b8a6046353accf9bf0c97bade967f5
SHA256 029160e1079d04b2699b98e6676de15772036d8e0854c95845344ac64fc7e4be
ssdeep 12288:410H9NmzY2lZ6NsnQsrcbdCi8EK8gSEiRY5PKaaYiXDanIzl+CUfge83cWfZVWJf:410dN8x6y1wRCgpE7a178CgWhVWyW
authentihash 462bcdb3ca891b22c0025cc6edc14e5e940a1bfb3a897b720b9a7508a757ed78
imphash 2566a5b232fa3480f980a136cbbde1d3
File size 852.8 KB ( 873246 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 3 (88.7%)
Win32 Executable Delphi generic (4.7%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Win16/32 Executable Delphi generic (0.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-06-02 01:10:24 UTC ( 3 years, 8 months ago )
Last submission 2016-04-08 00:58:34 UTC ( 2 years, 10 months ago )
File names 677155
maas100.exe
029160E1079D04B2699B98E6676DE15772036D8E0854C95845344AC64FC7E4BE.exe
maas100.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened service managers
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.