× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 05e7f1bab45acb9608e738ccf689c899a83a7e49d64ba3ae5365c9ada3aae3e2
File name: D07B79F2A6B41583B2B5733DC1006593709AD6DE.{PE}
Detection ratio: 2 / 43
Analysis date: 2012-03-03 13:51:51 UTC ( 7 years ago ) View latest
Antivirus Result Update
Comodo TrojWare.Win32.Kryptik.AAOH 20120303
Fortinet W32/Kryptik.ZVL!tr 20120303
AhnLab-V3 20120303
AntiVir 20120302
Antiy-AVL 20120303
Avast 20120303
AVG 20120303
BitDefender 20120303
ByteHero 20120225
CAT-QuickHeal 20120302
ClamAV 20120303
Commtouch 20120302
DrWeb 20120303
Emsisoft 20120303
eSafe 20120229
eTrust-Vet 20120302
F-Prot 20120302
F-Secure 20120303
GData 20120303
Ikarus 20120303
Jiangmin 20120301
K7AntiVirus 20120302
Kaspersky 20120303
McAfee 20120301
McAfee-GW-Edition 20120302
Microsoft 20120303
NOD32 20120303
Norman 20120302
nProtect 20120303
Panda 20120303
PCTools 20120228
Prevx 20120303
Rising 20120302
Sophos AV 20120303
SUPERAntiSpyware 20120302
Symantec 20120303
TheHacker 20120303
TrendMicro 20120303
TrendMicro-HouseCall 20120303
VBA32 20120302
VIPRE 20120303
ViRobot 20120303
VirusBuster 20120303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0002B338
Number of sections 8
PE sections
Overlays
MD5 78f5f720321e836d1bcdb48f332c5107
File type data
Offset 193024
Size 512
Entropy 7.52
PE imports
GetSystemTime
AttachConsole
InterlockedPopEntrySList
CancelTimerQueueTimer
GetConsoleCP
CompareStringW
GlobalGetAtomNameA
TlsAlloc
LoadLibraryA
GetStartupInfoA
GetProfileSectionW
CreateActCtxA
LZCreateFileW
AddConsoleAliasW
FoldStringW
BackupRead
SetStdHandle
GetVolumeNameForVolumeMountPointA
SetCalendarInfoA
ReleaseActCtx
MoveFileExA
WriteProfileSectionA
AllocateUserPhysicalPages
InitializeCriticalSection
PropSysAllocString
UpdateDCOMSettings
OleSave
GetErrorInfo
CoBuildVersion
HACCEL_UserSize
EndDialog
CharNextExA
FindWindowW
CascadeWindows
GetClipboardData
OemToCharBuffA
CreateIconFromResource
OpenIcon
LoadBitmapA
ChangeMenuW
ChildWindowFromPoint
GetInputDesktop
SetThreadDesktop
GetKeyState
MapDialogRect
EditWndProc
GetMenuStringA
SetWindowsHookExW
IsWindowUnicode
OemToCharW
FlashWindow
DrawCaptionTempW
WTSVirtualChannelPurgeOutput
WTSWaitSystemEvent
WTSLogoffSession
WTSVirtualChannelClose
WTSVirtualChannelRead
Number of PE resources by type
RT_DIALOG 4
Number of PE resources by language
ENGLISH US 4
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
173568

LinkerVersion
8.0

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x2b338

InitializedDataSize
18432

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

Compressed bundles
File identification
MD5 36d4b7bf9bf5f5d262e14b22b029c357
SHA1 d07b79f2a6b41583b2b5733dc1006593709ad6de
SHA256 05e7f1bab45acb9608e738ccf689c899a83a7e49d64ba3ae5365c9ada3aae3e2
ssdeep
3072:S1LEfgYVg+J2zQRIhDhxPVqPQkQxhd4pinflYQunlrGUcMpLlKiipKbasHd:yYIYVg+J8U+DhpVqPQkqlflYllrGCpBr

authentihash 73f6cb9d35741bc468fc0977b57f56eb40717597e554bf4f8bab004eeee7c701
imphash 22e971143c4511447fed4ae4831dbb0d
File size 189.0 KB ( 193536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Windows screen saver (40.5%)
Win32 Dynamic Link Library (generic) (20.3%)
Win32 Executable (generic) (13.9%)
Win16/32 Executable Delphi generic (6.4%)
OS/2 Executable (generic) (6.2%)
Tags
peexe overlay

VirusTotal metadata
First submission 2012-03-03 12:06:05 UTC ( 7 years ago )
Last submission 2019-01-18 22:09:45 UTC ( 2 months ago )
File names smona_05e7f1bab45acb9608e738ccf689c899a83a7e49d64ba3ae5365c9ada3aae3e2.bin
3153465600536B63F42A02318A0DC900AFC454AA.exe
aa
05e7f1bab45acb9608e738ccf689c899a83a7e49d64ba3ae5365c9ada3aae3e2.bin
file-3622592_{PE}
yS0aNzBLF.pps
435wyphBO1.tif
05e7f1bab45acb9608e738ccf689c899a83a7e49d64ba3ae5365c9ada3aae3e2
36d4b7bf9bf5f5d262e14b22b029c357
18.{PE}
9712f
18..exe
D07B79F2A6B41583B2B5733DC1006593709AD6DE.{PE}
9712f-YzEgRq
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!