SHA256: 11179bdb0ed6b1b8c276a77f163d5f04559afc712f71ac78e072222481265fb2
File name: file
Detection ratio: 33 / 42
Analysis date: 2012-06-12 11:00:28 UTC ( 6 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Worm/Win32.AutoRun 20120611
AntiVir TR/Dropper.Gen 20120612
Avast AutoIt:AutoRun-B@BC [Wrm] 20120612
AVG Worm/AutoRun.KE 20120612
BitDefender Gen:Trojan.Heur.AutoIT.2 20120612
CAT-QuickHeal Worm.AutoIt.Sohanad.AU 20120612
Commtouch W32/AutoIt.AG.gen!Eldorado 20120612
Comodo Heur.Suspicious 20120612
DrWeb Trojan.StartPage.31354 20120612
Emsisoft Worm.Win32.AutoIt!IK 20120612
F-Prot W32/AutoIt.AG.gen!Eldorado 20120611
F-Secure Gen:Trojan.Heur.AutoIT.2 20120612
Fortinet W32/AutoVt.AAAD!tr 20120612
GData Gen:Trojan.Heur.AutoIT.2 20120612
Ikarus Worm.Win32.AutoIt 20120612
Jiangmin Packed.Katusha.aadc 20120612
K7AntiVirus EmailWorm 20120611
Kaspersky Worm.Win32.AutoRun.fnc 20120612
McAfee W32/Tupym.worm 20120612
McAfee-GW-Edition W32/Tupym.worm 20120612
Microsoft Worm:Win32/Tupym.A 20120607
NOD32 Win32/Autoit.EB 20120612
Norman W32/Obfuscated.H3!genr 20120611
Panda Generic Malware 20120611
PCTools Malware.Imaut 20120612
Sophos AV W32/AutoRun-BUC 20120612
SUPERAntiSpyware Trojan.Agent/Gen-Jisdoro 20120612
Symantec W32.Imaut!gen1 20120612
TotalDefense Win32/FakeFLDR_i 20120612
TrendMicro WORM_SOHAND.SM 20120612
TrendMicro-HouseCall WORM_SOHAND.SM 20120611
VBA32 Trojan-Downloader.Autoit.gen 20120611
VIPRE Trojan.Win32.AutoIT.gen (v) 20120612
Antiy-AVL 20120612
ByteHero 20120612
ClamAV 20120612
eSafe 20120610
nProtect 20120612
Rising 20120612
TheHacker 20120612
ViRobot 20120612
VirusBuster 20120611
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-24 09:00:07
Entry Point 0x00017770
Number of sections 5
PE sections
PE imports
RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, SetSecurityDescriptorDacl, AddAce, GetAce, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetAclInformation, GetLengthSid, CopySid, GetTokenInformation, GetSecurityDescriptorDacl, LogonUserW
ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
GetSaveFileNameW, GetOpenFileNameW
RoundRect, DeleteObject, CreateCompatibleDC, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CreateDIBSection, SelectObject, BitBlt, GetDIBits, DeleteDC, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetDeviceCaps, GetTextFaceW, GetStockObject, CreateDCW, CreateCompatibleBitmap, GetPixel, SetBkMode
HeapAlloc, Sleep, GetCurrentThreadId, GetVersionExW, GetSystemInfo, GetModuleHandleW, QueryPerformanceCounter, QueryPerformanceFrequency, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, MultiByteToWideChar, WideCharToMultiByte, GetProcessHeap, InterlockedIncrement, InterlockedDecrement, WriteFile, GetStdHandle, CreatePipe, InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetStartupInfoW, RaiseException, GetCPInfo, GetACP, GetOEMCP, IsDebuggerPresent, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, GetProcAddress, LoadLibraryW, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, InitializeCriticalSectionAndSpinCount, HeapSize, HeapReAlloc, HeapCreate, RtlUnwind, GetConsoleCP, GetConsoleMode, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, FlushFileBuffers, LCMapStringW, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, LCMapStringA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, CompareStringA, CompareStringW, SetEnvironmentVariableA
WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, TranslateMessage, PeekMessageW, UnregisterHotKey, CharLowerBuffW, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursor, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, OpenClipboard, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, keybd_event, VkKeyScanA, GetKeyboardLayoutNameA, CharUpperW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, EndPaint, BeginPaint, DestroyWindow, GetMenu, GetClientRect, CopyRect, CharUpperBuffW, EnumWindows, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, SendMessageTimeoutW, GetFocus, GetWindowTextW, ScreenToClient, EnumChildWindows, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, WindowFromPoint, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, ReleaseDC, GetDC, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, GetCursorPos, IsClipboardFormatAvailable, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, BlockInput, GetMessageW, LockWindowUpdate, SystemParametersInfoW, DispatchMessageW, GetDesktopWindow
UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
InternetSetOptionW, InternetCloseHandle, InternetOpenUrlW, InternetConnectW, FtpOpenFileW, HttpQueryInfoW, HttpOpenRequestW, HttpSendRequestW, FtpGetFileSize, InternetCrackUrlW, InternetOpenW, InternetReadFile
timeGetTime, waveOutSetVolume, mciSendStringW
OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID, OleUninitialize
ExifTool file metadata
UninitializedDataSize 511412
InitializedDataSize 158720
ImageVersion 0.0
ProductName Microsoft Windows Operating System
FileVersionNumber 3.3.0.0
LanguageCode English (British)
FileFlagsMask 0x003f
Company Microsoft Corporation
CharacterSet Unicode
LinkerVersion 9.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp 2008:12:24 10:00:07+01:00
FileType Win32 EXE
PEType PE32
InternalName System32
ProductVersion 6.00.2900.2180
SubsystemVersion 5.0
OSVersion 5.0
OriginalFilename System32.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 507392
FileSubtype 0
ProductVersionNumber 3.3.0.0
EntryPoint 0x17770
ObjectFileType Unknown

File identification
MD5 ffb5437fc45b7ac6b9ac6b57da2f6b7f
SHA1 d9242c80444df9fc5a122fdd3118e0dbf9f80811
SHA256 11179bdb0ed6b1b8c276a77f163d5f04559afc712f71ac78e072222481265fb2
ssdeep 6144:npqoa8aLiC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnCF:npqiC/2OGAtkCP4cejGSOpRK3CGM
File size 1.3 MB ( 1360641 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2010-05-14 16:50:04 UTC ( 8 years, 11 months ago )
Last submission 2012-06-12 11:00:28 UTC ( 6 years, 10 months ago )
File names XHp3.caj, UmcbEEx.jpeg, aa, file
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua