SHA256: 1ec441b4321ae11fa8e7c82035f9e99738c1997eb10fb9e0cc8b8f07f15afa0a
File name: MyFunCards.exe
Detection ratio: 25 / 43
Analysis date: 2011-03-16 08:07:54 UTC ( 3 years, 1 month ago )
Antivirus Result Update
AntiVir DR/FunWeb.IK.1 20110316
Antiy-AVL AdWare/Win32.FunWeb.gen 20110316
Avast5 Win32:FunWeb 20110315
BitDefender Adware.Generic.165059 20110316
Commtouch W32/MalwareS.BGVD 20110315
Comodo UnclassifiedMalware 20110316
DrWeb Adware.Funweb.23 20110316
Emsisoft Riskware.AdWare.Win32.FunWeb!IK 20110316
F-Prot W32/MalwareS.BGVD 20110315
F-Secure Adware:W32/FunWeb.H 20110314
Fortinet Adware/FunWeb 20110316
GData Adware.Generic.165059 20110316
Ikarus not-a-virus:AdWare.Win32.FunWeb 20110316
Jiangmin Adware/FunWeb.b 20110316
K7AntiVirus Riskware 20110315
Kaspersky not-a-virus:AdWare.Win32.FunWeb.ik 20110316
McAfee FunWeb 20110316
NOD32 a variant of Win32/AdInstaller 20110315
Prevx High Risk Cloaked Malware 20110316
SUPERAntiSpyware Adware.MyWebSearch/FunWebProducts 20110316
Symantec Suspicious.Cloud.5 20110316
VBA32 AdWare.Win32.FunWeb.et 20110315
VIPRE Trojan.Win32.Generic!BT 20110316
VirusBuster Trojan.AdInstaller!tG8xXdNHa+g 20110315
eTrust-Vet Win32/Adware.DQ 20110316
AVG 20110315
AhnLab-V3 20110316
Avast 20110315
CAT-QuickHeal 20110316
ClamAV 20110315
McAfee-GW-Edition 20110316
Microsoft 20110316
Norman 20110315
PCTools 20110311
Panda 20110315
Rising 20110316
Sophos 20110316
TheHacker 20110316
TrendMicro 20110316
TrendMicro-HouseCall 20110316
ViRobot 20110316
eSafe 20110315
nProtect 20110215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Publisher Mindspark Interactive Network
Signature verification Signed file, verified signature
Signing date 12:55 AM 11/11/2010
Signers
[+] Mindspark Interactive Network
Status Certificate out of its validity period
Valid from 1:00 AM 5/31/2010
Valid to 12:59 AM 5/7/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint 9FCB24A7661183FCB8AD11F8EDF81351886CFC18
Serial number 41 73 0E B0 E6 D9 2A 47 6E 16 62 8A 0D BE FB 36
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary Certification Authority (PCA3 G1 SHA1)
Status Valid
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/3/2028
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm SHA1
Thumbprint A1DB6393916F17E4185509400415C70240B0AE6B
Serial number 3C 91 31 CB 1F F6 D0 1B 0E 9A B8 D0 44 BF 12 BE
Counter signers
[+] VeriSign Time Stamping Services Signer - G2
Status Certificate out of its validity period
Valid from 1:00 AM 6/15/2007
Valid to 12:59 AM 6/15/2012
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Serial number 38 25 D7 FA F8 61 AF 9E F4 90 E7 26 B5 D6 5A D5
[+] VeriSign Time Stamping Services CA
Status Valid
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-10 23:50:01
Entry Point 0x000015FC
Number of sections 4
PE sections
PE imports
RegFlushKey
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
GetLastError
HeapFree
EnterCriticalSection
GetUserDefaultLangID
lstrlenA
lstrcmpiA
GetDriveTypeA
ExitProcess
GetVersionExA
LoadLibraryA
RemoveDirectoryA
FreeLibrary
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
SizeofResource
GetFileSize
lstrcatA
LockResource
CreateDirectoryA
DeleteFileA
GetCurrentDirectoryA
GetCommandLineA
GetProcAddress
GetProcessHeap
GetFileAttributesA
GetModuleHandleA
ReadFile
WriteFile
EnumResourceNamesA
CloseHandle
lstrcpynA
GetSystemDirectoryA
HeapReAlloc
SetFileAttributesA
HeapAlloc
LocalFree
InitializeCriticalSection
LoadResource
lstrcpyA
CreateFileA
DebugBreak
FindResourceA
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
wsprintfA
MessageBoxA
CharNextA
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 3
PART 3
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 8
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:11:11 00:50:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
EntryPoint 0x15fc
InitializedDataSize 122880
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a8fb33e9eda9df6e4f5d3648b3de2f32
SHA1 6347fccd0e3dfb3a264893137b674bd4e1ef0c8f
SHA256 1ec441b4321ae11fa8e7c82035f9e99738c1997eb10fb9e0cc8b8f07f15afa0a
ssdeep 3072:TDxVgCmEl0qS42SUFWKJQZiFLtH1C32IOorejOMA5W4:vXgCmY2SiJQZytH1C32IVtXW4
File size 137.8 KB ( 141120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (78.5%)
Win32 Executable (generic) (11.3%)
Generic Win/DOS Executable (5.0%)
DOS Executable Generic (5.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed

VirusTotal metadata
First submission 2010-11-18 22:34:53 UTC ( 3 years, 5 months ago )
Last submission 2013-02-22 05:51:49 UTC ( 1 year, 2 months ago )
File names 6347FCCD0E3DFB3A264893137B674BD4E1EF0C8F_myfuncards.exe
MyFunCards.exe
6381355B40B8708F27AC022DDDE82A00DFD98095.exe
a8fb33e9eda9df6e4f5d3648b3de2f32
file-1563836_exe
MyFunCards.exe.infected
337383947_app_1.MyFunCards.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
