SHA256: 088f40a7a52635ff19e80c62883977d94dd5835e85739e19504f7437d296760b
File name: r12.exe
Detection ratio: 3 / 42
Analysis date: 2012-10-02 14:08:51 UTC ( 6 years, 5 months ago )
Antivirus Result Update
Comodo TrojWare.Win32.Trojan.Agent.Gen 20121002
Sophos AV Mal/Generic-L 20121002
TrendMicro-HouseCall TROJ_GEN.R15H1J1 20121002
AhnLab-V3 20121002
AntiVir 20121002
Antiy-AVL 20121001
Avast 20121002
AVG 20121002
BitDefender 20121002
ByteHero 20121002
CAT-QuickHeal 20121001
ClamAV 20121001
Commtouch 20121002
DrWeb 20121002
Emsisoft 20120919
eSafe 20120927
eScan 20121002
ESET-NOD32 20121002
F-Prot 20120926
F-Secure 20121002
Fortinet 20121002
GData 20121002
Ikarus 20121002
Jiangmin 20121001
K7AntiVirus 20121002
Kaspersky 20121001
McAfee 20121002
McAfee-GW-Edition 20121001
Microsoft 20121002
Norman 20121002
nProtect 20121001
Panda 20121002
PCTools 20121002
Rising 20120928
SUPERAntiSpyware 20120911
Symantec 20121002
TheHacker 20121001
TotalDefense 20121002
TrendMicro 20121002
VBA32 20121002
VIPRE 20121002
ViRobot 20121002
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-10-12 20:37:51
Entry Point 0x00025650
Number of sections 5
PE sections
PE imports
CloseServiceHandle
ChangeServiceConfig2W
StartServiceW
OpenProcessToken
GetUserNameW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerW
OpenServiceW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
LookupPrivilegeValueW
DeleteService
CreateServiceW
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
FormatMessageW
CreateEventW
TlsGetValue
SetLastError
InitializeCriticalSection
CopyFileW
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateThread
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
TerminateProcess
VirtualQueryEx
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
GetDateFormatA
OpenProcess
GetStartupInfoW
ReadProcessMemory
GetProcAddress
GetProcessHeap
CompareStringW
GetTimeFormatA
FreeConsole
IsValidLocale
GetUserDefaultLCID
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
Sleep
EnumProcesses
GetProcessImageFileNameW
Ord(680)
wsprintfW
OleInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2010:10:12 21:37:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 237568
LinkerVersion 10.0
ImageFileCharacteristics Executable, 32-bit
EntryPoint 0x25650
InitializedDataSize 64000
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 c86327222d873fb4e12900a5cadcb849
SHA1 b1983db46e0cb4687e4c55b64c4d8d53551877fa
SHA256 088f40a7a52635ff19e80c62883977d94dd5835e85739e19504f7437d296760b
ssdeep 6144:5GM9f8BHPlmg2XR2j0mYHLptiVK0LZV3C5:5x98HPlmg6R2j0mYF4VRLZtq
authentihash 0ce90ba0d06e02ac59a7d97881f0f864e0d1684dd264cf6aa50ceead68064994
imphash 36f45b4fc28024edaa6b07d01662b07e
File size 295.5 KB ( 302592 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2011-02-16 14:11:57 UTC ( 8 years, 1 month ago )
Last submission 2018-10-16 04:40:23 UTC ( 5 months ago )
File names 25793961
wnhelp1.exe
output.17584094.txt
wnhelp.exe
vti-rescan
154_05_19_2017_22_42_40_wnhelp.exe.malware
MlyManager.exe
wnhelp.exe
vt-upload-EsMlw
81c1d808556ab7e61e5aab99ab3577f1302592.exe
17584094
wnhelp [1-31855].exe
r12.exe
file-3273543_exe
wnhelp.exe
154_05_19_2017_22_42_40_wnhelp.exe.malware
c86327222d873fb4e12900a5cadcb849
dx_PE_ (602).exe
w.exe
wn32.exe
audioxd.exe
wn64.exe
b1983db46e0cb4687e4c55b64c4d8d53551877fa
swn.exe
WNHELP.EXE
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight