SHA256: 1773ec0f06efd4548d81396d5e30bc5f521dcdbdbbc1d087eab97a687e1a3cd6
File name: 442105
Detection ratio: 1 / 56
Analysis date: 2015-10-09 13:50:58 UTC ( 3 years, 4 months ago )
Antivirus Result Update
ByteHero Virus.Win32.Heur.l 20151009
Ad-Aware 20151009
AegisLab 20151009
Yandex 20151009
AhnLab-V3 20151008
Alibaba 20151009
ALYac 20151009
Antiy-AVL 20151009
Arcabit 20151009
Avast 20151009
AVG 20151009
Avira (no cloud) 20151009
AVware 20151009
Baidu-International 20151009
BitDefender 20151009
Bkav 20151008
CAT-QuickHeal 20151009
ClamAV 20151009
CMC 20151009
Comodo 20151009
Cyren 20151009
DrWeb 20151009
Emsisoft 20151009
ESET-NOD32 20151009
F-Prot 20151009
F-Secure 20151009
Fortinet 20151009
GData 20151009
Ikarus 20151009
Jiangmin 20151008
K7AntiVirus 20151009
K7GW 20151009
Kaspersky 20151009
Kingsoft 20151009
Malwarebytes 20151009
McAfee 20151009
McAfee-GW-Edition 20151008
Microsoft 20151009
eScan 20151009
NANO-Antivirus 20151009
nProtect 20151008
Panda 20151009
Qihoo-360 20151009
Rising 20151008
Sophos AV 20151009
SUPERAntiSpyware 20151008
Tencent 20151009
TheHacker 20151008
TotalDefense 20151009
TrendMicro 20151009
TrendMicro-HouseCall 20151009
VBA32 20151009
VIPRE 20151009
ViRobot 20151009
Zillya 20151008
Zoner 20151009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Aspack, ZIP
PEiD ASPack v2.12
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000E1001
Number of sections 10
PE sections
Overlays
MD5 fa6c03f88a1c97734b73774f9cd2a27d
File type data
Offset 343552
Size 48428
Entropy 7.40
PE imports
RegSetValueExA
RegQueryValueExA
ImageList_SetIconSize
PrintDlgA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
VariantChangeTypeEx
ShellExecuteA
WindowFromPoint
GetKeyboardType
timeGetTime
OpenPrinterA
Number of PE resources by type
RT_STRING 59
RT_BITMAP 24
RT_GROUP_CURSOR 12
RT_CURSOR 12
RT_RCDATA 9
RT_ICON 4
S_STRINGTABLE 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 116
GERMAN 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 743936
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xe1001
InitializedDataSize 149504
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 be8751fe80c6752ebce8fd45c60bb7da
SHA1 1c927c2eb5a1362338ece6fa1d562ef10d972188
SHA256 1773ec0f06efd4548d81396d5e30bc5f521dcdbdbbc1d087eab97a687e1a3cd6
ssdeep
6144:sVj/7nTQ2kzjVS7L1UHAp3LaNWzhkEUrll9jIRkyI1LVHpDTS6MgpEogpYYDhCN+:sB7nTczjo7L1Ug9gehkLBnjDrMGEogpn

authentihash a6da858398c4ee94fc20983e917b449c7831cc67e6042e1dd3db208d69795f28
imphash 21444583162457e77cbd4fd18dc00b6d
File size 382.8 KB ( 391980 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe aspack overlay

VirusTotal metadata
First submission 2009-09-01 10:18:40 UTC ( 9 years, 5 months ago )
Last submission 2017-01-18 02:09:18 UTC ( 2 years, 1 month ago )
File names 1773EC0F06EFD4548D81396D5E30BC5F521DCDBDBBC1D087EAB97A687E1A3CD6
1340310723-math-homework-help.exe
math-homework-help.exe
1773EC0F06EFD4548D81396D5E30BC5F521DCDBDBBC1D087EAB97A687E1A3CD6.exe
442105
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight