× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1dd7de0524536eb73f32df44e5f10f986b847120074354def81d748ae834a9a8
File name: 50 (98).tmp
Detection ratio: 35 / 41
Analysis date: 2012-02-18 13:07:02 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Win-Trojan/Fakealert.1469440 20120210
AntiVir TR/FakeAV.IS.3 20120210
Avast Win32:MalOb-CA [Cryp] 20120210
AVG unknown virus Win32/DH.FF84015C{00000000-00100000-00000000} 20120210
BitDefender Trojan.FakeAlert.BUC 20120210
Commtouch W32/FakeAV.RS 20120210
Comodo TrojWare.Win32.FraudTool.FakeAV.~GGF 20120210
DrWeb Trojan.Packed.1107 20120210
Emsisoft Trojan.Win32.FakeAV!IK 20120210
eTrust-Vet Win32/FakeCodec!generic 20120210
F-Prot W32/FakeAV.RS 20120209
F-Secure Trojan.FakeAlert.BUC 20120210
Fortinet W32/CodecPack.LJ!tr.dldr 20120210
GData Trojan.FakeAlert.BUC 20120210
Ikarus Trojan.Win32.FakeAV 20120210
Jiangmin Adware/InternetAntivirus.cb 20120210
K7AntiVirus Riskware 20120210
Kaspersky Packed.Win32.Krap.an 20120210
McAfee Artemis!C80E3A1BC95A 20120208
McAfee-GW-Edition Artemis!C80E3A1BC95A 20120209
Microsoft Rogue:Win32/Fakeinit 20120210
NOD32 a variant of Win32/Kryptik.CAQ 20120210
Norman W32/FakeAV.P!genr 20120210
nProtect Trojan-Clicker/W32.Fakealert.1469440 20120210
Panda Adware/ISecurity2010 20120210
PCTools RogueAntiSpyware.CoreGuardAntivirus2009!rem 20120207
Rising Trojan.Win32.Generic.11F3F796 20120210
Sophos AV Mal/FakeAV-BW 20120210
Symantec CoreGuardAntivirus2009 20120210
TheHacker Trojan/Kryptik.caq 20120210
TrendMicro TROJ_FAKEAL.SMDP 20120210
TrendMicro-HouseCall TROJ_FAKEAL.SMDP 20120210
VIPRE VirTool.Win32.Obfuscator.hg!b1 (v) 20120210
ViRobot Trojan.Win32.Krap.1469440 20120210
VirusBuster FraudTool.InSecurity2010!dLRb3PoQl48 20120210
Antiy-AVL 20120208
CAT-QuickHeal 20120210
ClamAV 20120210
eSafe 20120208
Prevx 20120218
SUPERAntiSpyware 20120206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Internet Security

Publisher Internet Security
Product Internet Security
Original name Internet Security
Internal name Internet Security
File version 1.0.0.0
Description Internet Security
Comments Internet Security
PE header basic information
Number of sections 7
PE sections
PE imports
RegDeleteKeyA, IsTextUnicode, RegOpenKeyW, RegQueryValueExW, CopySid, RegEnumValueA, AddAce, ConvertStringSidToSidW, RegEnumValueW, RegQueryValueExA, RegEnumKeyW, RegOpenKeyA, IsValidAcl, AllocateAndInitializeSid, RegFlushKey
GetThreadLocale, IsDebuggerPresent, GetFileSize, GetCurrentThreadId, Sleep, HeapReAlloc, GetCommandLineA, GetComputerNameW, HeapDestroy, OpenEventW, OpenEventA, GetConsoleMode, CreateThread, VirtualAlloc, IsBadReadPtr, OpenProcess, QueryPerformanceCounter, GetCurrentProcessId, LoadLibraryExW, GetModuleHandleA, ExitProcess, LoadLibraryExA, CreateMutexA, GetVersion
iswdigit, ctime, bsearch, __p__commode, __set_app_type, __pioinfo, __p__osver, _ftol, __2@YAPAXI@Z, _rotl, rand, __p__fmode, _XcptFilter, _unlock, _onexit, __setusermatherr, wcscspn, wcsspn, wcsncmp, _stat
CommandLineToArgvW, ShellExecuteExW, SHGetMalloc, SHGetSpecialFolderPathW, SHGetFileInfoW, ShellExecuteW, SHGetDesktopFolder, SHGetPathFromIDListW, DragQueryFileW, SHChangeNotify
InflateRect, UpdateWindow, IsChild, ChangeMenuW, InvalidateRect, GetSysColor, GetActiveWindow, CharUpperA, IsZoomed, RegisterClassA, ClipCursor, GetDC, SetWindowTextA, DispatchMessageA, GetParent, IsIconic, GetSystemMetrics, PostMessageW, GetDlgCtrlID, SetWindowRgn, SetWindowTextW, SetCapture, BeginPaint
OleLoadFromStream, CoReleaseMarshalData, StgCreateDocfileOnILockBytes, CreateItemMoniker, CreateStreamOnHGlobal, CoInitialize, CoTaskMemFree, WriteClassStm, CoUnmarshalInterface, StgIsStorageFile
ExifTool file metadata
CodeSize
4096

SubsystemVersion
4.0

Comments
Internet Security

InitializedDataSize
1464320

ImageVersion
5.1

ProductName
Internet Security

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Windows, Cyrillic

LinkerVersion
10.17

OriginalFilename
Internet Security

ResourceEditorWWW
http://www.bome.com/Restorator/

MIMEType
application/octet-stream

Subsystem
Windows GUI

ResourcesEditedWith
Restorator 2007

FileVersion
1.0.0.0

TimeStamp
2008:03:01 09:24:26+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Internet Security

ProductVersion
1.0.0.0

FileDescription
Internet Security

OSVersion
5.1

FileOS
Win32

LegalCopyright
Internet Security

MachineType
Intel 386 or later, and compatibles

CompanyName
Internet Security

LegalTrademarks
Internet Security

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x1228

ObjectFileType
Executable application

File identification
MD5 c80e3a1bc95ad486f3a1f179f3186adc
SHA1 b6e70eb99ea7c7ab714a9de3acc764dff3483811
SHA256 1dd7de0524536eb73f32df44e5f10f986b847120074354def81d748ae834a9a8
ssdeep
24576:XzYmUBraCtkbZAgITyZTb4eg1gQcK6uxtL4Lup9uLL89t+DQAOc:XJmrybZLITyZTbNg1d6u/sLueXTDQAOc

File size 1.4 MB ( 1469440 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
VirusTotal metadata
First submission 2010-01-26 04:45:07 UTC ( 8 years, 9 months ago )
Last submission 2012-02-18 13:07:02 UTC ( 6 years, 8 months ago )
File names 50 (98).tmp
aa
sVjRZj7naV.tgz
Behaviour characterization
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!