SHA256: 0be45b0d4f36875b31a9c8b9829b28c97972321ff9ada2c528ac4b6355ac7684
File name: Warframe Tier 3 Defense Drops.exe
Detection ratio: 3 / 49
Analysis date: 2013-12-25 01:18:08 UTC ( 3 months, 4 weeks ago )
Antivirus Result Update
Symantec WS.Reputation.1 20131225
TrendMicro-HouseCall TROJ_GEN.F47V0611 20131225
ViRobot Backdoor.Win32.A.Swrort.175104 20131224
AVG 20131224
Ad-Aware 20131225
Agnitum 20131224
AhnLab-V3 20131224
AntiVir 20131224
Antiy-AVL 20131224
Avast 20131225
Baidu-International 20131213
BitDefender 20131225
Bkav 20131224
ByteHero 20130613
CAT-QuickHeal 20131222
CMC 20131224
ClamAV 20131225
Commtouch 20131224
Comodo 20131224
DrWeb 20131225
ESET-NOD32 20131224
Emsisoft 20131225
F-Prot 20131224
F-Secure 20131225
Fortinet 20131225
GData 20131225
Ikarus 20131224
Jiangmin 20131223
K7AntiVirus 20131224
K7GW 20131224
Kaspersky 20131225
Kingsoft 20130829
Malwarebytes 20131224
McAfee 20131225
McAfee-GW-Edition 20131224
MicroWorld-eScan 20131225
Microsoft 20131225
NANO-Antivirus 20131224
Norman 20131224
Panda 20131224
Rising 20131223
SUPERAntiSpyware 20131224
Sophos 20131225
TheHacker 20131223
TotalDefense 20131224
TrendMicro 20131225
VBA32 20131224
VIPRE 20131225
nProtect 20131224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-25 09:26:27
Link date 10:26 AM 5/25/2012
Entry Point 0x000090A5
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
FindClose
TlsGetValue
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
LoadLibraryExA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
GetFileInformationByHandle
FindFirstFileExA
FindNextFileA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
RemoveDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
CreateProcessW
Sleep
Ord(14)
Number of PE resources by type
RT_ICON 6
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:25 10:26:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77312
LinkerVersion 10.0
FileAccessDate 2013:12:25 02:18:12+01:00
EntryPoint 0x90a5
InitializedDataSize 147456
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2013:12:25 02:18:12+01:00
UninitializedDataSize 0
File identification
MD5 1c5a84c17d3f88bdc14b0dcaeca6940f
SHA1 4ff3afcb5154205ab923783bbcc3d32108d846c8
SHA256 0be45b0d4f36875b31a9c8b9829b28c97972321ff9ada2c528ac4b6355ac7684
ssdeep 196608:5V2sekZ9bxUFlfflx/muVmT4jnR2mESz26entHrZbXBHIi:PXP9+LxcTcWSfet9rhIi
File size 8.5 MB ( 8962501 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-06-11 09:18:02 UTC ( 10 months, 2 weeks ago )
Last submission 2013-12-25 01:18:08 UTC ( 3 months, 4 weeks ago )
File names file-5582101_exe
Warframe Tier 3 Defense Drops.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
UDP communications