SHA256: 0a52aa39781b4f12e8e6f36fcd2084ddc57d6d0151017c836ee93dbc0caa6b5a
File name: Condition Zero Uninstaller.exe
Detection ratio: 0 / 52
Analysis date: 2014-05-29 08:02:28 UTC ( 4 years, 5 months ago )
Antivirus Result Update
Ad-Aware 20140529
AegisLab 20140529
Yandex 20140528
AhnLab-V3 20140529
AntiVir 20140529
Antiy-AVL 20140529
Avast 20140529
AVG 20140529
Baidu-International 20140529
BitDefender 20140529
Bkav 20140528
ByteHero 20140529
CAT-QuickHeal 20140529
ClamAV 20140529
CMC 20140528
Commtouch 20140529
Comodo 20140529
DrWeb 20140528
Emsisoft 20140529
ESET-NOD32 20140528
F-Prot 20140529
F-Secure 20140529
Fortinet 20140529
GData 20140529
Ikarus 20140529
Jiangmin 20140529
K7AntiVirus 20140528
K7GW 20140528
Kaspersky 20140529
Kingsoft 20140529
Malwarebytes 20140529
McAfee 20140529
McAfee-GW-Edition 20140528
Microsoft 20140529
eScan 20140529
NANO-Antivirus 20140529
Norman 20140529
nProtect 20140528
Panda 20140528
Qihoo-360 20140529
Rising 20140528
Sophos AV 20140529
SUPERAntiSpyware 20140529
Symantec 20140529
Tencent 20140529
TheHacker 20140529
TotalDefense 20140528
TrendMicro 20140529
TrendMicro-HouseCall 20140529
VBA32 20140528
VIPRE 20140529
ViRobot 20140529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-03-05 18:36:47
Entry Point 0x000069D7
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
GetDeviceCaps
DeleteDC
SelectObject
CreateFontA
CreatePalette
GetStockObject
CreateDIBitmap
CreateSolidBrush
SetBkMode
SetBkColor
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetTextColor
StretchDIBits
GetLastError
HeapFree
GetStdHandle
LCMapStringW
ReadFile
SetHandleCount
LoadLibraryA
lstrlenA
GetFileAttributesA
CreateMutexA
GetOEMCP
LCMapStringA
CopyFileA
HeapAlloc
GlobalUnlock
GetEnvironmentStringsW
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
GetShortPathNameA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
CompareFileTime
MoveFileExA
GetFileSize
lstrcatA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileTime
GetModuleHandleA
GetTempPathA
GetCPInfo
GetStringTypeA
SetFilePointer
GetCurrentDirectoryA
GlobalFree
GlobalReAlloc
WriteFile
GetStartupInfoA
CloseHandle
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
GlobalLock
SetFileAttributesA
FreeLibrary
MoveFileA
TerminateProcess
CreateProcessA
WideCharToMultiByte
HeapCreate
lstrcpyA
GlobalAlloc
VirtualFree
HeapDestroy
Sleep
GetFileType
GetTickCount
GetExitCodeProcess
CreateFileA
ExitProcess
GetVersion
VirtualAlloc
SetCurrentDirectoryA
MulDiv
LoadTypeLib
UnRegisterTypeLib
ShellExecuteA
SetFocus
GetMessageA
GetParent
SystemParametersInfoA
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
ChildWindowFromPoint
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
GetDC
RegisterClassExA
ReleaseDC
WaitMessage
SetWindowTextA
SendMessageA
GetDlgItem
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetDesktopWindow
LoadImageA
MsgWaitForMultipleObjects
GetWindowTextA
ExitWindowsEx
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
Number of PE resources by type
RT_DIALOG 2
RT_GROUP_CURSOR 1
RT_ICON 1
RT_MANIFEST 1
RT_CURSOR 1
RT_GROUP_ICON 1
Number of PE resources by language
FINNISH DEFAULT 7
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:03:05 19:36:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 35840
LinkerVersion 6.0
FileAccessDate 2014:05:29 08:59:34+01:00
EntryPoint 0x69d7
InitializedDataSize 13312
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:29 08:59:34+01:00
UninitializedDataSize 0

File identification
MD5 95d3537135e27395b111d3716fb1d1e2
SHA1 7afcace6c14d8edc304c22fa7e1966aa30b2abac
SHA256 0a52aa39781b4f12e8e6f36fcd2084ddc57d6d0151017c836ee93dbc0caa6b5a
ssdeep 12288:0N51Ld0rjA/Q8/ZsseY/44WVcmtBF1i+VC2xvJyBg2F7:0Nndf7xZeYwrBni+VCkvJr8

imphash d2703134efcbd1d545d202d8baa4b1f6
File size 713.4 KB ( 730536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-05-29 08:02:28 UTC ( 4 years, 5 months ago )
Last submission 2014-05-29 08:02:28 UTC ( 4 years, 5 months ago )
File names Condition Zero Uninstaller.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Deleted files
Created processes
Created mutexes
Runtime DLLs