SHA256: 1f5c10c87113f750160d8848e5904c9b692ba2a38fed6a485026e42974bbc9c6
File name: 1f5c10c87113f750160d8848e5904c9b692ba2a38fed6a485026e42974bbc9c6
Detection ratio: 1 / 57
Analysis date: 2015-03-15 16:42:24 UTC ( 2 years, 6 months ago )
Antivirus Result Update
CMC AdWare.Win32!O 20150313
Ad-Aware 20150315
AegisLab 20150315
Yandex 20150314
AhnLab-V3 20150315
Alibaba 20150315
ALYac 20150315
Antiy-AVL 20150315
Avast 20150315
AVG 20150315
Avira (no cloud) 20150315
AVware 20150315
Baidu-International 20150315
BitDefender 20150315
Bkav 20150314
ByteHero 20150315
CAT-QuickHeal 20150314
ClamAV 20150314
Comodo 20150315
Cyren 20150315
DrWeb 20150315
Emsisoft 20150315
ESET-NOD32 20150315
F-Prot 20150315
F-Secure 20150315
Fortinet 20150315
GData 20150315
Ikarus 20150315
Jiangmin 20150314
K7AntiVirus 20150315
K7GW 20150315
Kaspersky 20150315
Kingsoft 20150315
Malwarebytes 20150315
McAfee 20150315
McAfee-GW-Edition 20150315
Microsoft 20150315
eScan 20150315
NANO-Antivirus 20150315
Norman 20150315
nProtect 20150313
Panda 20150311
Qihoo-360 20150315
Rising 20150315
Sophos AV 20150315
SUPERAntiSpyware 20150315
Symantec 20150315
Tencent 20150315
TheHacker 20150313
TotalDefense 20150315
TrendMicro 20150315
TrendMicro-HouseCall 20150315
VBA32 20150314
VIPRE 20150315
ViRobot 20150315
Zillya 20150315
Zoner 20150313
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000C5D8
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
DUTCH 5
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 48640
LinkerVersion 2.25
EntryPoint 0xc5d8
InitializedDataSize 20992
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
File identification
MD5 993bf593eebd1762290f15e0e062fd09
SHA1 932121c2afecab5274c4b643c74d1602c63edd6c
SHA256 1f5c10c87113f750160d8848e5904c9b692ba2a38fed6a485026e42974bbc9c6
ssdeep 24576:jEOZIla1BZLDBCYymv7adf+fyd/g/WKgtbNYHGToCHt5ymEFXuUpYBa:jEOewZLSl3VXtbqHGVHE5YBa
authentihash 8d64e0167707c579138b1887b2d19f2061c145b7be1bb526708516af4ff898d4
imphash 03a57449e5cad93724ec1ab534741a15
File size 1.1 MB ( 1142593 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (92.7%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-12-03 09:03:18 UTC ( 4 years, 9 months ago )
Last submission 2012-12-03 09:03:18 UTC ( 4 years, 9 months ago )
File names 1f5c10c87113f750160d8848e5904c9b692ba2a38fed6a485026e42974bbc9c6
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Set keys
Created processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications