SHA256: 1cd01b2e42b06eeff803fa68e336d36cce7491400f1d113fbaed9e00f4efd79a
File name: test10.exe
Detection ratio: 39 / 62
Analysis date: 2017-04-06 17:33:18 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.364505 20170406
AegisLab Troj.W32.Gen.mBV9 20170406
ALYac Gen:Variant.Graftor.364505 20170406
Antiy-AVL Trojan/Win32.TSGeneric 20170406
Arcabit Trojan.Graftor.D58FD9 20170406
Avast Win32:Malware-gen 20170406
AVG Inject3.CFGY 20170406
Avira (no cloud) DR/Delphi.feidj 20170406
AVware Trojan.Win32.Generic!BT 20170406
BitDefender Gen:Variant.Graftor.364505 20170406
CAT-QuickHeal Trojan.Inject 20170406
CrowdStrike Falcon (ML) malicious_confidence_92% (W) 20170130
Cyren W32/Trojan.AWIM-7252 20170406
DrWeb Trojan.PWS.Stealer.17779 20170406
Emsisoft Gen:Variant.Graftor.364505 (B) 20170406
ESET-NOD32 a variant of Win32/Injector.DNBJ 20170406
F-Secure Gen:Variant.Graftor.364505 20170406
Fortinet W32/Injector.DMTM!tr 20170406
GData Gen:Variant.Graftor.364505 20170406
Ikarus Trojan.Win32.Injector 20170406
Sophos ML backdoor.win32.fynloski.a 20170203
K7AntiVirus Trojan ( 0050a2bf1 ) 20170406
K7GW Trojan ( 0050a2bf1 ) 20170406
Kaspersky Trojan.Win32.Inject.aenbp 20170406
McAfee RDN/Generic PWS.y 20170406
McAfee-GW-Edition RDN/Generic PWS.y 20170406
Microsoft Trojan:Win32/Dynamer!ac 20170406
eScan Gen:Variant.Graftor.364505 20170406
NANO-Antivirus Trojan.Win32.NaKocTb.emypuq 20170406
Palo Alto Networks (Known Signatures) generic.ml 20170406
Panda Trj/CI.A 20170406
Rising Malware.Generic.5!tfe (cloud:bz4dSl3JMhM) 20170406
Sophos AV Mal/Generic-S 20170406
Symantec Trojan.Gen.2 20170406
Tencent Win32.Trojan.Inject.Dzap 20170406
TrendMicro-HouseCall TROJ_GEN.R00JH0CD117 20170406
VIPRE Trojan.Win32.Generic!BT 20170406
Yandex Trojan.Injector!0pJVfClZzP8 20170406
ZoneAlarm by Check Point Trojan.Win32.Inject.aenbp 20170406
AhnLab-V3 20170406
Alibaba 20170406
Baidu 20170406
Bkav 20170405
ClamAV 20170406
CMC 20170406
Comodo 20170406
Endgame 20170406
F-Prot 20170406
Jiangmin 20170406
Kingsoft 20170406
Malwarebytes 20170406
nProtect 20170406
Qihoo-360 20170406
SentinelOne (Static ML) 20170330
SUPERAntiSpyware 20170406
Symantec Mobile Insight 20170406
TheHacker 20170406
TotalDefense 20170406
TrendMicro 20170406
Trustlook 20170406
VBA32 20170406
ViRobot 20170406
Webroot 20170406
WhiteArmor 20170327
Zillya 20170406
Zoner 20170406
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) Creative Technology Ltd., 2008. All rights reserved.
Product AvatarImport
Original name AvatarImport.EXE
Internal name AvatarImport
File version 2.0.3.0
Description AvatarImport Application
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00146EC0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
SaveDC
VariantCopy
Number of PE resources by type
RT_ICON 13
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 15
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.25
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.3.0
UninitializedDataSize 634880
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 307200
EntryPoint 0x146ec0
OriginalFileName AvatarImport.EXE
MIMEType application/octet-stream
LegalCopyright Copyright (c) Creative Technology Ltd., 2008. All rights reserved.
FileVersion 2.0.3.0
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
InternalName AvatarImport
ProductVersion 2.0.0.0
FileDescription AvatarImport Application
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Creative Technology Ltd.
CodeSize 704512
ProductName AvatarImport
ProductVersionNumber 2.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 14cb67fb692267a1873735772d74f889
SHA1 528409bac87a6c42768a943caccf86c0c23e6173
SHA256 1cd01b2e42b06eeff803fa68e336d36cce7491400f1d113fbaed9e00f4efd79a
ssdeep 24576:DHSZkLtTPXAe/e2upV874S+3EayVdZVFpreT:jSZkLtTPXA1z8r+3EayVrlr
authentihash 2bca5113e1bf975ba5323fba4559cf77d809d4ab4b6374bc14ea6867faaa2178
imphash 0a131a315228230104c175573ec8ff41
File size 982.0 KB ( 1005568 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.1%)
Win32 EXE Yoda's Crypter (41.3%)
Win32 Executable (generic) (7.0%)
Win16/32 Executable Delphi generic (3.2%)
Generic Win/DOS Executable (3.1%)
Tags
peexe upx

VirusTotal metadata
First submission 2017-04-01 10:26:37 UTC ( 1 year, 10 months ago )
Last submission 2017-05-09 11:13:11 UTC ( 1 year, 9 months ago )
File names 14cb67fb692267a1873735772d74f889.exe
AvatarImport.EXE
test10.exe
AvatarImport
test10.exe
test10.exe
Behaviour characterization
Zemana
dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications