SHA256: 166643b98592fe2614fb9ed50e0bc60495a831bb5607f58a4013f64baf1b8bef
File name: ms-inst.EXE
Detection ratio: 0 / 48
Analysis date: 2014-01-25 08:58:30 UTC ( 1 year, 1 month ago )
Antivirus Result Update
AVG 20140125
Ad-Aware 20140125
Agnitum 20140124
AhnLab-V3 20140124
AntiVir 20140125
Antiy-AVL 20140124
Avast 20140125
Baidu-International 20140125
BitDefender 20140125
Bkav 20140125
ByteHero 20140122
CAT-QuickHeal 20140125
CMC 20140122
ClamAV 20140125
Commtouch 20140125
Comodo 20140125
DrWeb 20140125
ESET-NOD32 20140125
Emsisoft 20140125
F-Prot 20140125
F-Secure 20140125
Fortinet 20140125
GData 20140125
Ikarus 20140125
Jiangmin 20140125
K7AntiVirus 20140124
K7GW 20140124
Kaspersky 20140125
Kingsoft 20130829
Malwarebytes 20140125
McAfee 20140125
McAfee-GW-Edition 20140125
MicroWorld-eScan 20140125
Microsoft 20140125
NANO-Antivirus 20140125
Norman 20140125
Panda 20140124
Qihoo-360 20140122
Rising 20140124
SUPERAntiSpyware 20140125
Sophos 20140125
Symantec 20140125
TheHacker 20140124
TotalDefense 20140124
TrendMicro 20140125
TrendMicro-HouseCall 20140125
VBA32 20140124
VIPRE 20140125
ViRobot 20140125
nProtect 20140124
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright (C) 1999 Trigram Systems
Publisher Trigram Systems
File version v9.0B1
Description MicroSpell Installation
Packers identified
PEiD Wise Installer Stub
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1998-10-02 20:36:51
Link date 9:36 PM 10/2/1998
Entry Point 0x000021C5
Number of sections 4
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
SetBkMode
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
GetTextExtentPointA
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
GetModuleHandleA
_lclose
_lcreat
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
GlobalAlloc
ReleaseDC
CreateWindowExA
LoadCursorA
LoadIconA
UpdateWindow
EndPaint
BeginPaint
MessageBoxA
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassA
ExitWindowsEx
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
5.1

ImageVersion
4.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
5120

MIMEType
application/octet-stream

FileVersion
v9.0B1

TimeStamp
1998:10:02 21:36:51+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2015:01:04 00:45:48+01:00

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2015:01:04 00:45:48+01:00

FileOS
Windows 16-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Trigram Systems

CodeSize
8192

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x21c5

ObjectFileType
Executable application

File identification
MD5 c8c7999ae5e1d5fa8cf1943a61c5c7d8
SHA1 21bfe25e3f2d488149897c057df521bb55224b95
SHA256 166643b98592fe2614fb9ed50e0bc60495a831bb5607f58a4013f64baf1b8bef
ssdeep 49152:8N2aFMzHZ37KSPncdXrKKiE0fzEX2b6OOoSB+DQ8/DrptlOn5lR0vIMiMsrckvVw:8RWYrj6IGG5onXpIR0kbrckN1ycLU
authentihash 9e928253116f0613d50f5a265847d8bf1d98ec3a1c08b0728fbd65917ca53af4
imphash 3dbb35930afd16d5a0423571da5ea031
File size 2.9 MB ( 3037623 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe wise

VirusTotal metadata
First submission 2009-08-08 10:25:46 UTC ( 5 years, 6 months ago )
Last submission 2015-01-03 23:43:07 UTC ( 1 month, 3 weeks ago )
File names ms-inst.EXE
file-7879153_exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications