SHA256: 1c06e785086fc27585cdbb79c2981b668bfd57c09721e8978de5cc64bea1026c
File name: 137722
Detection ratio: 0 / 57
Analysis date: 2016-03-25 05:50:06 UTC ( 2 years, 11 months ago )
Antivirus Result Update
Ad-Aware 20160325
AegisLab 20160325
Yandex 20160316
AhnLab-V3 20160324
Alibaba 20160323
ALYac 20160325
Antiy-AVL 20160325
Arcabit 20160325
Avast 20160325
AVG 20160325
Avira (no cloud) 20160325
AVware 20160325
Baidu 20160324
Baidu-International 20160324
BitDefender 20160325
Bkav 20160324
ByteHero 20160325
CAT-QuickHeal 20160323
ClamAV 20160325
CMC 20160322
Comodo 20160325
Cyren 20160325
DrWeb 20160325
Emsisoft 20160325
ESET-NOD32 20160325
F-Prot 20160325
F-Secure 20160325
Fortinet 20160325
GData 20160325
Ikarus 20160325
Jiangmin 20160325
K7AntiVirus 20160324
K7GW 20160323
Kaspersky 20160325
Malwarebytes 20160325
McAfee 20160325
McAfee-GW-Edition 20160325
Microsoft 20160325
eScan 20160325
NANO-Antivirus 20160324
nProtect 20160324
Panda 20160324
Qihoo-360 20160325
Rising 20160325
Sophos AV 20160325
SUPERAntiSpyware 20160325
Symantec 20160325
Tencent 20160325
TheHacker 20160325
TotalDefense 20160325
TrendMicro 20160325
TrendMicro-HouseCall 20160325
VBA32 20160324
VIPRE 20160325
ViRobot 20160325
Zillya 20160324
Zoner 20160325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Spivak

Product Numerology
Original name numerology.exe
Internal name numerology
File version 1.00
Description Numerology
Comments Numerology
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-12-09 18:48:49
Entry Point 0x00001134
Number of sections 3
PE sections
PE imports
EVENT_SINK_QueryInterface
Ord(537)
Ord(516)
EVENT_SINK_Invoke
Ord(685)
Ord(617)
EVENT_SINK_AddRef
Ord(681)
EVENT_SINK_GetIDsOfNames
__vbaExceptHandler
Ord(632)
MethCallEngine
DllFunctionCall
Zombie_GetTypeInfoCount
Ord(100)
Zombie_GetTypeInfo
Ord(608)
Ord(301)
Ord(694)
Ord(606)
EVENT_SINK_Release
EVENT_SINK2_AddRef
Ord(581)
Ord(528)
Ord(613)
Ord(307)
Ord(644)
Ord(631)
EVENT_SINK2_Release
Ord(598)
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Numerology

LinkerVersion
6.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Numerology

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
12288

EntryPoint
0x1134

OriginalFileName
numerology.exe

MIMEType
application/octet-stream

LegalCopyright
Spivak

FileVersion
1.0

TimeStamp
2010:12:09 19:48:49+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
numerology

ProductVersion
1.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Spivak

CodeSize
192512

ProductName
Numerology

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 1bfe55b925d4536ef29a43285a2f31ea
SHA1 42287ab9e2b802d85333e9c9f5ad221bab7c8606
SHA256 1c06e785086fc27585cdbb79c2981b668bfd57c09721e8978de5cc64bea1026c
ssdeep
1536:XsqIILZ0yOQ/VyKOZyHnz19CDjEHXgM8HVwhibRsDrSvH0jw:YqZEQkKOZO5kvEH2HGhiQrSvH0jw

authentihash d3fe717b2556106436c6cdebd68c9dd367c29981214ad9e2ed14da739cb957ec
imphash dd75a7b633968b2069618f97b6d27c92
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (88.6%)
Win32 Executable (generic) (4.8%)
OS/2 Executable (generic) (2.1%)
Generic Win/DOS Executable (2.1%)
DOS Executable Generic (2.1%)
Tags
peexe

VirusTotal metadata
First submission 2011-12-02 11:33:48 UTC ( 7 years, 2 months ago )
Last submission 2016-12-01 08:52:13 UTC ( 2 years, 2 months ago )
File names numerology
numerology.exe
42287ab9e2b802d85333e9c9f5ad221bab7c8606.exe
numerology.exe
1355027066-numerology.exe
137722
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight