SHA256: 0d10a5b5a30163b68a2ee9544221e23cdae654a71cb94eb10e14ddbe878c5000
File name: sorcerer-v1.0.1.exe
Detection ratio: 3 / 46
Analysis date: 2013-05-06 06:21:19 UTC (2 years, 2 months ago)
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
McAfee Generic.dx!bhkz 20130506
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.E 20130506
eSafe Suspicious File 20130501
AVG 20130506
Agnitum 20130505
AhnLab-V3 20130505
AntiVir 20130506
Antiy-AVL 20130505
Avast 20130506
BitDefender 20130506
ByteHero 20130430
CAT-QuickHeal 20130506
ClamAV 20130506
Commtouch 20130506
Comodo 20130506
DrWeb 20130506
ESET-NOD32 20130505
Emsisoft 20130506
F-Prot 20130506
F-Secure 20130506
Fortinet 20130506
GData 20130506
Ikarus 20130506
Jiangmin 20130506
K7AntiVirus 20130503
K7GW 20130503
Kaspersky 20130506
Kingsoft 20130502
Malwarebytes 20130506
MicroWorld-eScan 20130506
Microsoft 20130506
NANO-Antivirus 20130506
Norman 20130506
PCTools 20130506
Panda 20130505
SUPERAntiSpyware 20130505
Sophos 20130506
Symantec 20130506
TheHacker 20130505
TotalDefense 20130503
TrendMicro 20130506
TrendMicro-HouseCall 20130506
VBA32 20130503
VIPRE 20130506
ViRobot 20130506
nProtect 20130506
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command YodaProt
F-PROT YodaProt
PEiD yoda's Protector v1.03.3 (.exe,.scr,.com) -> Ashkbiz Danehkar (h)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-03-15 00:51:21
Link date 1:51 AM 3/15/2009
Entry Point 0x001D66ED
Number of sections 6
PE sections
PE imports
LoadLibraryA
GetProcAddress
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 2
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:03:15 01:51:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 240128
LinkerVersion 6.0
EntryPoint 0x1d66ed
InitializedDataSize 844288
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 7f0471fed1c932255e5036be6dd1818b
SHA1 18fe0e630f9c45d8a95a3bebf7c89b167415b3fd
SHA256 0d10a5b5a30163b68a2ee9544221e23cdae654a71cb94eb10e14ddbe878c5000
ssdeep 24576:dpSZ9ABFvePhz+DjrBaEMcv5NOb2TdeWeFmYMIDD:dE4BFc+zBaEMcv5Ub2TdQD
authentihash 116fd8349b36cd892ad9a6f7e2d0c1dffd8c5aecccfaeb7100154946a3cf60b0
imphash 87bed5a7cba00c7e1f4015f1bdae2183
File size 958.0 KB ( 980992 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe yoda yodaprot
VirusTotal metadata
First submission 2010-06-16 01:30:33 UTC ( 5 years, 1 month ago )
Last submission 2015-07-14 08:01:30 UTC ( 2 weeks, 2 days ago )
File names sorcerer-v1.0.1.exe
vt-upload-Hchvu
F66172FF007C5907F8740EEA6F4DCC006F2E446E.exe
sorcerer-v1.0.1.vxe
file-3170375_exe
sorcerer-v1.0.1_.exe
smona131353137628118252951
7F0471FED1C932255E5036BE6DD1818B
vti-rescan
smona_0d10a5b5a30163b68a2ee9544221e23cdae654a71cb94eb10e14ddbe878c5000.bin
sorcerer-v1.0.1.exe
18fe0e630f9c45d8a95a3bebf7c89b167415b3fd.exe
sorcerer-v1.0.1.exe-
smona132205672620265805096
18fe0e630f9c45d8a95a3bebf7c89b167415b3fd.bin
sorcerer 1.0.1.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html

Symantec reputation Suspicious.Insight