SHA256: 210ef5d0c603c06931cfa7d8a67f49e92d533abee2971b705aa34b7a99f01b9b
File name: sym_crash_.exe
Detection ratio: 0 / 42
Analysis date: 2012-04-09 14:45:46 UTC ( 5 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 20120408
AntiVir 20120409
Antiy-AVL 20120409
Avast 20120409
AVG 20120409
BitDefender 20120409
ByteHero 20120407
CAT-QuickHeal 20120409
ClamAV 20120409
Commtouch 20120409
Comodo 20120409
DrWeb 20120409
Emsisoft 20120409
eSafe 20120408
eTrust-Vet 20120409
F-Prot 20120409
F-Secure 20120409
Fortinet 20120409
GData 20120409
Ikarus 20120409
Jiangmin 20120331
K7AntiVirus 20120407
Kaspersky 20120409
McAfee 20120409
McAfee-GW-Edition 20120408
Microsoft 20120409
NOD32 20120409
Norman 20120409
nProtect 20120409
Panda 20120409
PCTools 20120409
Rising 20120409
Sophos AV 20120409
SUPERAntiSpyware 20120402
Symantec 20120409
TheHacker 20120409
TrendMicro 20120409
TrendMicro-HouseCall 20120409
VBA32 20120409
VIPRE 20120409
ViRobot 20120409
VirusBuster 20120409
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-24 11:31:32
Entry Point 0x00003060
Number of sections 3
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
CopyFileA
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
HeapAlloc
GetStartupInfoA
GetEnvironmentStrings
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
IsBadReadPtr
SetStdHandle
WideCharToMultiByte
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
HeapValidate
CloseHandle
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
HeapCreate
VirtualFree
HeapDestroy
Sleep
GetFileType
IsBadCodePtr
DebugBreak
GetVersion
VirtualAlloc
InterlockedIncrement
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:03:24 12:31:32+01:00
FileType Win32 EXE
PEType PE32
CodeSize 53248
LinkerVersion 6.0
EntryPoint 0x3060
InitializedDataSize 16384
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 46ceecbb453de456b60604ed5de35e48
SHA1 b98d43b188b133fae634026bf1a83fa93eef7646
SHA256 210ef5d0c603c06931cfa7d8a67f49e92d533abee2971b705aa34b7a99f01b9b
ssdeep 1536:CB1K/PXeCAFzq7JxdmVTSJ7nB5Jc7um/k1E5B:CweCAFodmhSBJc7Lt5B
authentihash 0bc1c21c975a0968ded1d8c6e64b4f6b3752f9aa2e1f65ff065c465d6190bd2d
imphash 97bd26ad8b5a266de0deee755304fc90
File size 68.0 KB ( 69632 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe installshield
VirusTotal metadata
First submission 2012-04-09 14:45:46 UTC ( 5 years, 3 months ago )
Last submission 2012-04-09 14:45:46 UTC ( 5 years, 3 months ago )
File names sym_crash_.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Runtime DLLs