SHA256: 0db06cfb83c1444ec7da50c5f1d3cc53e30625606b98089952b79ea586e34529
File name: HostsFileUpdater.exe
Detection ratio: 27 / 41
Analysis date: 2012-05-25 04:01:02 UTC ( 6 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Downloader.13824.NS 20120524
Avast Win32:Trojan-gen 20120525
AVG Downloader.Generic8.AUZD 20120524
Commtouch W32/Backdoor.D.gen!Eldorado 20120525
Comodo TrojWare.Win32.TrojanDownloader.Small.ahhr 20120525
DrWeb Trojan.DownLoad.61401 20120525
Emsisoft Trojan-Downloader.Win32.Small!IK 20120525
eSafe Win32.GenericDownloa 20120524
F-Prot W32/Backdoor.D.gen!Eldorado 20120524
Fortinet W32/DLOADE.BKX!tr 20120525
GData Win32:Trojan-gen 20120525
Ikarus Trojan-Downloader.Win32.Small 20120525
Jiangmin TrojanDownloader.Small.aopx 20120525
K7AntiVirus Backdoor 20120524
McAfee Artemis!1B26EB13A70D 20120525
McAfee-GW-Edition Artemis!1B26EB13A70D 20120524
NOD32 probably a variant of Win32/TrojanDownloader.Small.CDEIFJB 20120524
Norman W32/Suspicious_Gen.CVNJ 20120523
nProtect Trojan-Downloader/W32.Small.13824.CN 20120524
Sophos AV Hosts File Updater 20120525
TheHacker Trojan/Downloader.Small.ahhr 20120524
TrendMicro TROJ_DLOADE.BKX 20120525
TrendMicro-HouseCall TROJ_DLOADE.BKX 20120524
VBA32 Trojan-Downloader.Win32.Small.ahhr 20120524
VIPRE Trojan-Downloader.Win32.Small 20120525
ViRobot Backdoor.Win32.S.Agent.13824.F 20120525
VirusBuster Trojan.DL.Small!lt7pUxRYX5Y 20120524
AntiVir 20120525
Antiy-AVL 20120525
BitDefender 20120525
ByteHero 20120522
CAT-QuickHeal 20120524
ClamAV 20120525
F-Secure 20120525
Microsoft 20120524
Panda 20120524
PCTools 20120522
Rising 20120524
SUPERAntiSpyware 20120525
Symantec 20120525
TotalDefense 20120524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright(c) 2005
Product Hosts File Updater
Original name Hosts File Updater.exe
Internal name Hosts File Updater
File version 1.01
Comments Hosts File Updater by Terry Toh Email: terry AT intelligent DOT as Website: http://Falcon21.vze.com
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-08-26 11:27:15
Entry Point 0x0000CDD0
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
Ord(580)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Hosts File Updater by Terry Toh Email: terry AT intelligent DOT as Website: http://Falcon21.vze.com
InitializedDataSize 8192
ImageVersion 1.1
ProductName Hosts File Updater
FileVersionNumber 1.1.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName Hosts File Updater.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.01
TimeStamp 2005:08:26 12:27:15+01:00
FileType Win32 EXE
PEType PE32
InternalName Hosts File Updater
ProductVersion 1.01
UninitializedDataSize 40960
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright(c) 2005
MachineType Intel 386 or later, and compatibles
CompanyName FaltronSoft
CodeSize 8192
FileSubtype 0
ProductVersionNumber 1.1.0.0
EntryPoint 0xcdd0
ObjectFileType Executable application

Compressed bundles
File identification
MD5 1b26eb13a70da9cb20559ee926641db0
SHA1 b39e72963cfd3d9390ae41e78f1167cce48b13b7
SHA256 0db06cfb83c1444ec7da50c5f1d3cc53e30625606b98089952b79ea586e34529
ssdeep 192:osbw7VLJcuszhtH8k5kbGdhb8DIAXa6PvtSJ3rakc3Wu6biw:ZMbJszhtH8UjQVK6nU9akEWu6uw
authentihash 4ef77f3324baf8b67c7bc333e91c87c244e4974855c43887ab58b78d34fe5bf4
imphash e152b8232ffb8d7e035b517fccb79a12
File size 13.5 KB ( 13824 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.4%)
Win32 Executable (generic) (7.0%)
OS/2 Executable (generic) (3.1%)
Generic Win/DOS Executable (3.1%)
Tags peexe upx
VirusTotal metadata
First submission 2006-12-20 21:37:41 UTC ( 12 years, 2 months ago )
Last submission 2018-12-19 04:09:48 UTC ( 2 months ago )
File names HostsFileUpdater.exe
file-5743134_exe
Hosts File Updater.exe
Hosts File Updater
1b26eb13a70da9cb20559ee926641db0.virobj
vt-upload-A6hxZ
smona132386386498338485622
HostsFileUpdater.exe
HostsFileUpdater.exe
1030379
Hosts File Updater.Exe
"HostsFileUpdater.exe"
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight