SHA256: 2062240106d76b34f64d0cd6f48ab43b68beb05af9c8af0dda0af11b7de824ff
File name: 1340696896-ASCIIAnimator.exe
Detection ratio: 4 / 54
Analysis date: 2015-10-13 18:14:04 UTC ( 8 months, 2 weeks ago )
Antivirus Result Update
Baidu-International Adware.Win32.Bbylon.C 20151013
DrWeb Adware.Downware.11828 20151013
ESET-NOD32 a variant of Win32/Toolbar.Babylon.C potentially unwanted 20151013
Jiangmin Trojan/Pincav.uxc 20151012
AVG 20151013
Ad-Aware 20151013
AegisLab 20151013
Yandex 20151012
AhnLab-V3 20151013
Alibaba 20151013
Antiy-AVL 20151013
Arcabit 20151013
Avast 20151013
Avira (no cloud) 20151013
BitDefender 20151013
Bkav 20151013
ByteHero 20151013
CAT-QuickHeal 20151013
CMC 20151012
ClamAV 20151013
Comodo 20151013
Cyren 20151013
Emsisoft 20151013
F-Prot 20151013
F-Secure 20151013
Fortinet 20151013
GData 20151013
Ikarus 20151013
K7AntiVirus 20151013
K7GW 20151013
Kaspersky 20151013
Kingsoft 20151013
Malwarebytes 20151013
McAfee 20151013
McAfee-GW-Edition 20151013
eScan 20151013
Microsoft 20151013
NANO-Antivirus 20151013
Panda 20151013
Qihoo-360 20151013
Rising 20151013
SUPERAntiSpyware 20151013
Sophos 20151013
Symantec 20151012
Tencent 20151013
TheHacker 20151012
TotalDefense 20151013
TrendMicro 20151013
TrendMicro-HouseCall 20151013
VBA32 20151013
ViRobot 20151013
Zillya 20151013
Zoner 20151013
nProtect 20151013
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2010-2011 QQPR.com
Publisher
Product ASCII Animator
File version
Description ASCII Animator Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 5fbde1d00e3b330e206ed72c671b569c
File type data
Offset 54272
Size 1348537
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 2.25
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 0.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 17920
EntryPoint 0x9c40
MIMEType application/octet-stream
Subsystem Windows GUI
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
FileDescription ASCII Animator Setup
OSVersion 1.0
FileOS Win32
LegalCopyright Copyright 2010-2011 QQPR.com
MachineType Intel 386 or later, and compatibles
CodeSize 37888
ProductName ASCII Animator
ProductVersionNumber 0.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 461928661820619306e8d1caffe8e753
SHA1 18b6c67481ec3a27d5f5fdc635d6e4da65e46eca
SHA256 2062240106d76b34f64d0cd6f48ab43b68beb05af9c8af0dda0af11b7de824ff
ssdeep 24576:5naj0mw7NDVHaIvMEdK1CItQ37nT7Rn5+CWKA/uTQNlUbIH53uWaTDam:5aQmw7NYeGjMfpLA/g0ObS53u9TDam
authentihash 6f584abbdeea0e5a36a99fda34052d710af2f673fed38ae8e387c2906d243b11
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.3 MB ( 1402809 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags peexe overlay
VirusTotal metadata
First submission 2011-12-03 11:50:08 UTC ( 4 years, 7 months ago )
Last submission 2015-10-13 18:14:04 UTC ( 8 months, 2 weeks ago )
File names ASCIIAnimator.exe
461928661820619306E8D1CAFFE8E753
file-3469461_exe
smona_2062240106d76b34f64d0cd6f48ab43b68beb05af9c8af0dda0af11b7de824ff.bin
461928661820619306e8d1caffe8e753
1340696896-ASCIIAnimator.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight