SHA256: 12327f79a30bd4d2b3d3e7c1af550e833d57a272b552df875c1e6af01c941d66
File name: regsvr.exe
Detection ratio: 52 / 55
Analysis date: 2016-01-05 15:07:45 UTC ( 1 year ago )
Antivirus Result Update
ALYac Trojan.Generic.1743932 20160105
AVG Autoit.DB 20160105
AVware Worm.Win32.Nuqel.z (v) 20160105
Ad-Aware Trojan.Generic.1743932 20160105
Yandex Trojan.Autoit.DX 20160104
AhnLab-V3 Win32/Autoit.worm.617343 20160105
Antiy-AVL Worm/Win32.AutoRun.dtbv 20160105
Arcabit Trojan.Generic.D1A9C3C 20160105
Avast Win32:Evo-gen [Susp] 20160105
Avira (no cloud) TR/Autoit.CI.14 20160105
Baidu-International Worm.Win32.AutoRun.dtbv 20160105
BitDefender Trojan.Generic.1743932 20160105
Bkav W32.HfsAutoB.6B57 20160105
CAT-QuickHeal Worm.AutoRun.A10 20160105
CMC Worm.Win32.AutoRun!O 20160104
ClamAV Trojan.Siggen-7 20160105
Comodo Worm.Win32.Autoit.DB 20160105
Cyren W32/Trojan.GEGQ-3036 20160105
DrWeb Trojan.Click1.37970 20160105
ESET-NOD32 Win32/Autoit.AG 20160105
Emsisoft Trojan.Generic.1743932 (B) 20160105
F-Prot W32/Trojan2.DFYJ 20160105
F-Secure IM-Worm:W32/Sohanad.HM 20160105
Fortinet W32/Autorun.HNW!tr 20160105
GData Trojan.Generic.1743932 20160105
Ikarus Worm.Win32.AutoRun 20160105
Jiangmin Worm/Huhk.a 20160105
K7AntiVirus Trojan ( 004be9051 ) 20160105
K7GW Trojan ( 004be9051 ) 20160105
Kaspersky Worm.Win32.AutoRun.dtbv 20160105
Malwarebytes Trojan.FakeFolder 20160105
McAfee W32/YahLover.worm.gen 20160105
McAfee-GW-Edition BehavesLike.Win32.Yahlover.jc 20160105
eScan Trojan.Generic.1743932 20160105
Microsoft Worm:Win32/Nuqel.AE 20160105
NANO-Antivirus Trojan.Win32.AutoRun.hcfwq 20160105
Panda W32/Sohanat.IZ 20160104
Qihoo-360 Worm.Win32.FakeFolder.BV 20160105
Rising PE:Worm.VobfusEx!1.99DF [F] 20160105
SUPERAntiSpyware Trojan.Agent/Gen-ModTool 20160105
Sophos W32/AutoRun-BUC 20160105
Symantec W32.Imaut 20160104
TheHacker Trojan/Autoit.ci 20160103
TotalDefense Win32/Armax.G 20160105
TrendMicro WORM_IMAUT.HB 20160105
TrendMicro-HouseCall WORM_IMAUT.HB 20160105
VBA32 Trojan-Downloader.Autoit.gen 20160105
VIPRE Worm.Win32.Nuqel.z (v) 20160105
ViRobot Trojan.Win32.Autoit.617343.D[h] 20160105
Zillya Worm.Sohanad.Win32.1008 20160105
Zoner I-Worm.Sohanad.NGI 20160105
nProtect Trojan/W32.AutoIt.650241 20160105
AegisLab 20160105
Alibaba 20160105
ByteHero 20160105
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 00:00:00
Entry Point 0x000A5001
Number of sections 7
PE sections
PE imports
RegEnumValueW
ImageList_EndDrag
GetSaveFileNameW
MoveToEx
GetProcAddress
GetModuleHandleA
LoadLibraryA
WNetUseConnectionW
OleSetContainedObject
LoadRegTypeLib
DragQueryPoint
GetWindowTextLengthW
GetFileVersionInfoSizeW
waveOutSetVolume
__WSAFDIsSet
Number of PE resources by type
RT_ICON 15
RT_STRING 6
RT_GROUP_ICON 3
RT_MENU 1
RT_DIALOG 1
Number of PE resources by language
ENGLISH UK 26
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
CodeSize 414208
LinkerVersion 8.0
EntryPoint 0xa5001
InitializedDataSize 250368
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 a8c434d95f3b399f79461b6dd2d0eba2
SHA1 bd1188ddeb9c5029a20f8c62ace9dd4aeee02df7
SHA256 12327f79a30bd4d2b3d3e7c1af550e833d57a272b552df875c1e6af01c941d66
ssdeep 12288:I3TdtLW5WIj1YSSdFxZi3K5Lq8cjdumymcGocWahsezrA8u:iDsj1dEpi3LHjAmlocWaC8u
authentihash fcd57a5ae7a8d5a62ea5d614ec48c7afed83ec0f40c61cb1471291ed399a709f
imphash 7d580e3bc0d56dc97c988e38179b1756
File size 635.0 KB ( 650241 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (56.1%)
Windows screen saver (26.6%)
Win32 Executable (generic) (9.1%)
Generic Win/DOS Executable (4.0%)
DOS Executable Generic (4.0%)
Tags peexe aspack usb-autorun

VirusTotal metadata
First submission 2009-01-12 17:04:05 UTC ( 8 years ago )
Last submission 2015-11-30 19:47:00 UTC ( 1 year, 1 month ago )
File names regsvr.exe
pozuda .exe
26da813a375fce994e71d4b7bcae4e55____ ____________ .exe.safe
New Folder .exe
1.exe
1 .exe
save .exe_
virus.exe
РИП .exe
file-2847042_exe
bd1188ddeb9c5029a20f8c62ace9dd4aeee02df7.bin
cmd .exe
regsvr.exe
Валя .exe
regsvr.exe_