SHA256: 05d7dbbb5043e2b7be1af768b0801c2ea88b0c45ca2b9e8dd207b544ff716729
File name: DropclothInstaller 0.3.exe
Detection ratio: 1 / 61
Analysis date: 2017-03-23 07:52:24 UTC ( 6 days, 14 hours ago )
Antivirus Result Update
Jiangmin Trojan.Antavmu.beu 20170323
Ad-Aware 20170323
AegisLab 20170323
AhnLab-V3 20170323
Alibaba 20170323
ALYac 20170323
Antiy-AVL 20170323
Arcabit 20170323
Avast 20170323
AVG 20170323
Avira (no cloud) 20170323
AVware 20170323
Baidu 20170323
BitDefender 20170323
Bkav 20170322
CAT-QuickHeal 20170322
ClamAV 20170323
CMC 20170317
Comodo 20170322
CrowdStrike Falcon (ML) 20170130
Cyren 20170323
DrWeb 20170323
Emsisoft 20170323
Endgame 20170317
ESET-NOD32 20170323
F-Prot 20170323
F-Secure 20170323
Fortinet 20170323
GData 20170323
Ikarus 20170322
Invincea 20170203
K7AntiVirus 20170323
K7GW 20170323
Kaspersky 20170323
Kingsoft 20170323
Malwarebytes 20170323
McAfee 20170323
McAfee-GW-Edition 20170323
Microsoft 20170323
eScan 20170323
NANO-Antivirus 20170323
nProtect 20170323
Palo Alto Networks (Known Signatures) 20170323
Panda 20170322
Qihoo-360 20170323
Rising 20170323
SentinelOne (Static ML) 20170315
Sophos 20170323
SUPERAntiSpyware 20170323
Symantec 20170322
Symantec Mobile Insight 20170322
Tencent 20170323
TheHacker 20170321
TrendMicro 20170323
TrendMicro-HouseCall 20170323
Trustlook 20170323
VBA32 20170322
VIPRE 20170323
ViRobot 20170323
Webroot 20170323
WhiteArmor 20170315
Yandex 20170321
Zillya 20170322
ZoneAlarm by Check Point 20170323
Zoner 20170323
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1, 0, 46, 05
Packers identified
F-PROT AutoIt, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-04 17:09:51
Entry Point 0x00071460
Number of sections 3
PE sections
Overlays
MD5 01b5b3f8ab5acf95f8d1d5ea6086e200
File type data
Offset 227840
Size 216698
Entropy 8.00
PE imports
RegCloseKey
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
OleLoadPicture
DragFinish
VerQueryValueA
mixerOpen
WSACleanup
GetOpenFileNameA
CoInitialize
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 7
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
UninitializedDataSize 253952
LinkerVersion 7.1
ImageVersion 0.0
FileVersionNumber 1.0.46.5
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 20480
EntryPoint 0x71460
MIMEType application/octet-stream
FileVersion 1, 0, 46, 05
TimeStamp 2007:01:04 18:09:51+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1, 0, 46, 05
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 208896
FileSubtype 0
ProductVersionNumber 1.0.46.5
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 ed3e67a9637e7f9a02194f7033531410
SHA1 f07f057c8d72982c8289cff48c715911dd0a3313
SHA256 05d7dbbb5043e2b7be1af768b0801c2ea88b0c45ca2b9e8dd207b544ff716729
ssdeep 12288:rOF3k/KxAYIRT+rgHXfbgFQqIs+hwp4yUN:rOW/BRT+ryXfsonCp4yI
authentihash 42c6a8a2907f08d8599cef01615b015396848508dea02a9f92be75ee16b87025
imphash 0999a26b575dfc90d79c90c14fd5ba55
File size 434.1 KB ( 444538 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2009-07-27 17:48:26 UTC ( 7 years, 8 months ago )
Last submission 2017-03-23 07:52:24 UTC ( 6 days, 14 hours ago )
File names DropclothInstaller 0.3.exe
Dropcloth 0.3 (released March 22, 2007).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs