SHA256: 1ba709f9c643260b82419c61ab7c21b428226a97642e575f4066a4847c3877aa
File name: d8f9360a6b876696ae7c96be8dffe080
Detection ratio: 6 / 43
Analysis date: 2011-10-12 19:28:26 UTC ( 2 years, 6 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20111012
ByteHero Trojan.Malware.Obscu.Gen.002 20110923
Fortinet W32/Binder.RZ!tr 20111012
Jiangmin Backdoor/Proxyier.a 20111012
McAfee Suspect-BA!D8F9360A6B87 20111012
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J 20111012
AVG 20111012
AhnLab-V3 20111012
Antiy-AVL 20111012
Avast 20111012
BitDefender 20111012
CAT-QuickHeal 20111012
ClamAV 20111012
Commtouch 20111012
Comodo 20111012
DrWeb 20111012
Emsisoft 20111012
F-Prot 20111012
F-Secure 20111012
GData 20111012
Ikarus 20111012
K7AntiVirus 20111012
Kaspersky 20111012
Microsoft 20111012
NOD32 20111012
Norman 20111012
PCTools 20111012
Panda 20111012
Prevx 20111012
Rising 20111012
SUPERAntiSpyware 20111012
Sophos 20111012
Symantec 20111012
TheHacker 20111011
TrendMicro 20111012
TrendMicro-HouseCall 20111012
VBA32 20111012
VIPRE 20111012
ViRobot 20111012
VirusBuster 20111012
eSafe 20111011
eTrust-Vet 20111012
nProtect 20111012
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright © Microsoft Corporation. All rights reserved.

Publisher Windows (R) Win 7 DDK provider
Product Windows (R) Win 7 DDK driver
Version 9.3.7800.21715
Original name SP.exe
Internal name SP.exe
File version 9.3.7800.21715
Description Security Pack
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0005A810
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
Ellipse
SysFreeString
wglCopyContext
CharNextA
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_VXD 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 9.3.7800.21715
UninitializedDataSize 348160
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 303104
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 9.3.7800.21715
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName SP.exe
ProductVersion 9.3.7800.21715
FileDescription Security Pack
OSVersion 4.0
OriginalFilename SP.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Windows (R) Win 7 DDK provider
CodeSize 20480
ProductName Windows (R) Win 7 DDK driver
ProductVersionNumber 9.3.7800.21715
EntryPoint 0x5a810
ObjectFileType Executable application

File identification
MD5 d8f9360a6b876696ae7c96be8dffe080
SHA1 ee9983a9c3fca1c93bce09e872b9883f286e99c6
SHA256 1ba709f9c643260b82419c61ab7c21b428226a97642e575f4066a4847c3877aa
ssdeep 6144:1UsWNUm1NGvfLsDKQu2dBC/FVXtWIqYFvRBVMPkbm6c8X:+sPm1WwDRXBC9VXRqYFvDVMcbC8X

File size 314.5 KB ( 322053 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (45.1%)
Win32 EXE Yoda's Crypter (39.2%)
Win32 Executable (generic) (6.6%)
Win16/32 Executable Delphi generic (3.0%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx

VirusTotal metadata
First submission 2011-10-12 19:28:26 UTC ( 2 years, 6 months ago )
Last submission 2013-08-08 18:20:18 UTC ( 8 months, 2 weeks ago )
File names SP.exe
1ba709f9c643260b82419c61ab7c21b428226a97642e575f4066a4847c3877aa.ex
1ba709f9c643260b82419c61ab7c21b428226a97642e575f4066a4847c3877aa
file-2979089_
virus-2011-10-16-id0029338385
d8f9360a6b876696ae7c96be8dffe080.exe
d8f9360a6b876696ae7c96be8dffe080
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
