SHA256: 0cdae83b41b1cea2edff89258d611149a2202686503f2c93090db67728bf8fe7
File name: about.ex
Detection ratio: 2 / 43
Analysis date: 2012-01-27 19:21:15 UTC ( 6 years, 9 months ago )
Antivirus Result Update
DrWeb Trojan.PWS.SpySweep.143 20120127
NOD32 a variant of Win32/Kryptik.ZPG 20120127
AhnLab-V3 20120127
AntiVir 20120127
Antiy-AVL 20120127
Avast 20120127
AVG 20120127
BitDefender 20120127
ByteHero 20120126
CAT-QuickHeal 20120127
ClamAV 20120126
Commtouch 20120127
Comodo 20120126
Emsisoft 20120127
eSafe 20120126
eTrust-Vet 20120127
F-Prot 20120127
F-Secure 20120127
Fortinet 20120127
GData 20120127
Ikarus 20120127
Jiangmin 20120127
K7AntiVirus 20120127
Kaspersky 20120127
McAfee 20120125
McAfee-GW-Edition 20120127
Microsoft 20120127
Norman 20120127
nProtect 20120127
Panda 20120127
PCTools 20120127
Prevx 20120127
Rising 20120118
Sophos AV 20120127
SUPERAntiSpyware 20120127
Symantec 20120127
TheHacker 20120127
TrendMicro 20120127
TrendMicro-HouseCall 20120127
VBA32 20120126
VIPRE 20120127
ViRobot 20120127
VirusBuster 20120127
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-27 06:05:16
Entry Point 0x0001098E
Number of sections 4
PE sections
PE imports
Ord(13)
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
lstrcmpiA
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
acmMetrics
Number of PE resources by type
RT_RCDATA 1
RT_STRING 1
Number of PE resources by language
NEUTRAL 1
ENGLISH CARIBBEAN 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:27 07:05:16+01:00
FileType Win32 EXE
PEType PE32
CodeSize 75776
LinkerVersion 7.1
FileAccessDate 2014:05:31 04:12:08+01:00
EntryPoint 0x1098e
InitializedDataSize 245248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:05:31 04:12:08+01:00
UninitializedDataSize 0

File identification
MD5 abc4568b24cf1d9b3998c00c9bdcce13
SHA1 b26a55077af9c75b0b4d26b21e9f6de4a6297865
SHA256 0cdae83b41b1cea2edff89258d611149a2202686503f2c93090db67728bf8fe7
ssdeep 6144:dPlBi3A1D24cQtbHYwsGUu2UNhtk73OPzKiArw2x7lVKs8Oum4U:dPXB2VQFQGUzUNoDOfArwu7lVKUj
imphash da0f42325b4dd1df9374f4fca9b18aac
File size 314.5 KB ( 322048 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ 4.x (63.9%)
Win32 Executable MS Visual C++ (generic) (14.8%)
Win64 Executable (generic) (13.1%)
Win32 Dynamic Link Library (generic) (3.1%)
Win32 Executable (generic) (2.1%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2012-01-27 07:57:48 UTC ( 6 years, 10 months ago )
Last submission 2014-05-31 03:08:45 UTC ( 4 years, 5 months ago )
File names file-3513300_exe
24FC2AE3698.exe
0.1215061215190707.exe
TleXwfQ.msi
calc.ex
about.ex
abc4568b24cf1d9b3998c00c9bdcce13
24FC2AE3FCE.exe
b26a55077af9c75b0b4d26b21e9f6de4a6297865.bin
832 27.01.2012 10.51.43.545
contacts.exe
abc4568b24cf1d9b3998c00c9bdcce13.ex