SHA256: 1e94e07972bbefad6b888cef5ad89ad284877d415594e436f2c5c20772b28571
File name: 1322507943-CelticFC.exe
Detection ratio: 1 / 58
Analysis date: 2016-03-27 15:42:09 UTC ( 2 years, 2 months ago )
Antivirus Result Update
Cyren Expiro 20160327
Ad-Aware 20160327
AegisLab 20160327
Yandex 20160316
AhnLab-V3 20160327
Alibaba 20160323
ALYac 20160327
Antiy-AVL 20160327
Arcabit 20160327
Avast 20160327
AVG 20160327
Avira (no cloud) 20160327
AVware 20160327
Baidu 20160325
Baidu-International 20160327
BitDefender 20160327
Bkav 20160327
ByteHero 20160327
CAT-QuickHeal 20160326
ClamAV 20160326
CMC 20160322
Comodo 20160327
DrWeb 20160327
Emsisoft 20160327
ESET-NOD32 20160327
F-Prot 20160327
F-Secure 20160327
Fortinet 20160327
GData 20160327
Ikarus 20160327
Jiangmin 20160327
K7AntiVirus 20160327
K7GW 20160323
Kaspersky 20160327
Kingsoft 20160327
Malwarebytes 20160327
McAfee 20160327
McAfee-GW-Edition 20160327
Microsoft 20160327
eScan 20160327
NANO-Antivirus 20160327
nProtect 20160325
Panda 20160327
Qihoo-360 20160327
Rising 20160327
Sophos AV 20160327
SUPERAntiSpyware 20160327
Symantec 20160327
Tencent 20160327
TheHacker 20160325
TotalDefense 20160327
TrendMicro 20160327
TrendMicro-HouseCall 20160327
VBA32 20160326
VIPRE 20160326
ViRobot 20160327
Zillya 20160326
Zoner 20160327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright yourowncreensaver.com 2010
File version %_INSTALL_VER_%
Description Screensaver Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-03-09 23:20:10
Entry Point 0x000032FB
Number of sections 4
PE sections
Overlays
MD5 8dbe7671f7b5e355e9bde6adcd2206b7
File type binary Computer Graphics Metafile
Offset 60928
Size 1559642
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
TextOutA
SelectObject
CreateFontA
CreatePalette
GetStockObject
PatBlt
SelectPalette
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
GetStartupInfoA
lstrlenA
GlobalFree
FreeLibrary
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
GlobalUnlock
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
WinExec
FreeEnvironmentStringsA
OpenFile
GetCurrentProcess
_lwrite
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
lstrcatA
GetModuleHandleW
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
_lread
TlsFree
GetFileType
GetTempPathA
LeaveCriticalSection
GetModuleHandleA
_lclose
WideCharToMultiByte
GetStringTypeA
_lcreat
GetSystemTimeAsFileTime
DeleteCriticalSection
SetUnhandledExceptionFilter
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GetACP
HeapReAlloc
GetStringTypeW
GlobalLock
GetOEMCP
LocalFree
TerminateProcess
QueryPerformanceCounter
InterlockedDecrement
SetHandleCount
IsValidCodePage
HeapCreate
WriteFile
GlobalAlloc
VirtualFree
TlsGetValue
Sleep
FormatMessageA
GetTickCount
TlsSetValue
ExitProcess
GetCurrentThreadId
InterlockedIncrement
VirtualAlloc
SetLastError
_llseek
wsprintfA
CreateWindowExA
LoadCursorA
LoadIconA
DrawTextA
UpdateWindow
EndPaint
BeginPaint
GetClientRect
SendMessageA
MessageBoxA
SetTimer
GetDC
ReleaseDC
PostQuitMessage
DefWindowProcA
ShowWindow
RegisterClassA
ExitWindowsEx
SetWindowPos
InvalidateRect
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 4.0
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 26112
EntryPoint 0x32fb
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion %_INSTALL_VER_%
TimeStamp 2010:03:10 00:20:10+01:00
FileType Win32 EXE
PEType PE32
FileDescription Screensaver Installer
OSVersion 5.0
FileOS Windows 16-bit
LegalCopyright Copyright yourowncreensaver.com 2010
MachineType Intel 386 or later, and compatibles
CompanyName YourOwnScreensaver.com
CodeSize 33792
FileSubtype 0
ProductVersionNumber 11.0.0.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 301cc58c2130dd85c2fef7791441c54a
SHA1 db1d8b740b6391aa2ce493fdbf5e6307ad236ee4
SHA256 1e94e07972bbefad6b888cef5ad89ad284877d415594e436f2c5c20772b28571
ssdeep 49152:alny7kOeJqlKn5IjOydddQ0kqEndzTIls07:4nyBe5edhk3dglsM
authentihash ecb8b75dce01b205c947a4b6381720ae627fb28b1451300fe13d3b8ac6833f6c
imphash 74163037421806f0cf9c27e968112bc2
File size 1.5 MB ( 1620570 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-01-02 03:52:51 UTC ( 6 years, 5 months ago )
Last submission 2015-11-21 18:32:05 UTC ( 2 years, 6 months ago )
File names output.15289167.txt
1E94E07972BBEFAD6B888CEF5AD89AD284877D415594E436F2C5C20772B28571
15289167
301cc58c2130dd85c2fef7791441c54a.db1d8b740b6391aa2ce493fdbf5e6307ad236ee4
1322507943-CelticFC.exe
CelticFC.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight