SHA256: 1a39b7be6a34846bb833bfbd40154d2624dbe8e75464c85b2fbcb59121446329
File name: c80827c2645ccdac8c04a9438be549942107096028282753370.tmp
Detection ratio: 2 / 57
Analysis date: 2015-01-30 23:40:30 UTC ( 4 years, 3 months ago )
Antivirus Result Update
DrWeb Trojan.MulDrop5.14689 20150131
NANO-Antivirus Trojan.Win32.MulDrop5.dlnodp 20150130
Ad-Aware 20150130
AegisLab 20150130
Yandex 20150130
AhnLab-V3 20150130
Alibaba 20150130
ALYac 20150130
Antiy-AVL 20150130
Avast 20150131
AVG 20150130
Avira (no cloud) 20150130
AVware 20150131
Baidu-International 20150130
BitDefender 20150130
Bkav 20150130
ByteHero 20150131
CAT-QuickHeal 20150130
ClamAV 20150130
CMC 20150129
Comodo 20150130
Cyren 20150131
Emsisoft 20150131
ESET-NOD32 20150131
F-Prot 20150130
F-Secure 20150130
Fortinet 20150130
GData 20150130
Ikarus 20150130
Jiangmin 20150129
K7AntiVirus 20150130
K7GW 20150130
Kaspersky 20150131
Kingsoft 20150131
Malwarebytes 20150130
McAfee 20150131
McAfee-GW-Edition 20150131
Microsoft 20150130
eScan 20150130
Norman 20150130
nProtect 20150130
Panda 20150130
Qihoo-360 20150131
Rising 20150130
Sophos AV 20150130
SUPERAntiSpyware 20150130
Symantec 20150130
Tencent 20150131
TheHacker 20150130
TotalDefense 20150130
TrendMicro 20150130
TrendMicro-HouseCall 20150130
VBA32 20150129
VIPRE 20150130
ViRobot 20150130
Zillya 20150129
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-08 18:20:03
Entry Point 0x00006293
Number of sections 4
PE sections
Overlays
MD5 0c5b133fba4e083b4965745b09c5a2f3
File type data
Offset 143360
Size 8273065
Entropy 7.99
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
GetConsoleCP
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellExecuteA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
RUSSIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:03:08 19:20:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x6293
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c80827c2645ccdac8c04a9438be54994
SHA1 f9c676252b9506c859f50856d724c4f4fda00af9
SHA256 1a39b7be6a34846bb833bfbd40154d2624dbe8e75464c85b2fbcb59121446329
ssdeep 196608:MCZiOH5Spvq9oodVvXb8dUCtnvvh82xsEIJpn/:ld5+i9XbNCtnv6QIJpn/

authentihash 90f1d52f51dd5cb43b76654c7a561138d2d0e38fc017f01ee3dcb5aac84a7a33
imphash bbaa6df883da7768c895ff451a9e3564
File size 8.0 MB ( 8416425 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-02-12 02:13:17 UTC ( 7 years, 3 months ago )
Last submission 2018-05-28 07:15:26 UTC ( 11 months, 3 weeks ago )
File names c80827c2645ccdac8c04a9438be549942107096028282753370.tmp
15461938
screensaver_fireworks_on_capitol.exe
output.15461938.txt
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight