SHA256: 2121f7e216d2b2d7b401808f53afc4b34cf756d8f99786a10ffe25587e2dd134
File name: fsame.exe
Detection ratio: 2 / 57
Analysis date: 2016-04-01 23:12:03 UTC ( 2 years, 6 months ago )
Antivirus Result Update
CMC HackTool.Win32.SqlCrack!O 20160401
TheHacker Trojan/Generik.CYLDMKJ 20160330
Ad-Aware 20160401
AegisLab 20160401
AhnLab-V3 20160401
Alibaba 20160401
ALYac 20160401
Antiy-AVL 20160401
Arcabit 20160401
Avast 20160401
AVG 20160402
Avira (no cloud) 20160401
AVware 20160401
Baidu 20160331
Baidu-International 20160401
BitDefender 20160401
Bkav 20160401
CAT-QuickHeal 20160401
ClamAV 20160401
Comodo 20160401
Cyren 20160401
DrWeb 20160401
Emsisoft 20160401
ESET-NOD32 20160401
F-Prot 20160401
F-Secure 20160401
Fortinet 20160401
GData 20160401
Ikarus 20160401
Jiangmin 20160401
K7AntiVirus 20160401
K7GW 20160401
Kaspersky 20160401
Kingsoft 20160402
Malwarebytes 20160401
McAfee 20160401
McAfee-GW-Edition 20160401
Microsoft 20160401
eScan 20160401
NANO-Antivirus 20160401
nProtect 20160401
Panda 20160401
Qihoo-360 20160402
Rising 20160401
Sophos AV 20160401
SUPERAntiSpyware 20160401
Symantec 20160331
Tencent 20160402
TotalDefense 20160330
TrendMicro 20160401
TrendMicro-HouseCall 20160401
VBA32 20160401
VIPRE 20160401
ViRobot 20160401
Yandex 20160316
Zillya 20160401
Zoner 20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT appended, UPX, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-11-18 15:53:37
Entry Point 0x000049CB
Number of sections 4
PE sections
Overlays
MD5 863f3f14ff92d31b4d5a3dbae7964d5d
File type data
Offset 61440
Size 1141340
Entropy 8.00
PE imports
InitCommonControlsEx
GetSystemTime
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
LoadLibraryA
lstrlenA
WaitForSingleObject
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
GetLocalTime
FreeEnvironmentStringsA
GetCurrentProcess
GetEnvironmentStrings
SetThreadPriority
GetFileSize
CreateDirectoryA
DeleteFileA
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetFileType
SetStdHandle
CompareStringW
GetTempPathA
RaiseException
CreateThread
GetStringTypeA
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
IsBadCodePtr
WriteFile
GetStartupInfoA
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
TerminateProcess
ResumeThread
CreateProcessA
GetTimeZoneInformation
WideCharToMultiByte
HeapCreate
VirtualFree
IsBadReadPtr
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
GetModuleHandleA
CompareStringA
GetMessageA
GetParent
OffsetRect
PostQuitMessage
ShowWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
PostMessageA
MessageBoxA
TranslateMessage
wsprintfA
SendMessageA
GetDlgItem
CreateDialogParamA
GetWindowLongA
LoadIconA
GetDesktopWindow
LoadImageA
IsDialogMessageA
DestroyWindow
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2002:11:18 16:53:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 36864
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x49cb
InitializedDataSize 24576
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 3be8c8684b025063abe05112eb400038
SHA1 2e3fa82315462ad30bf7e9b4b04d6ad029909c6b
SHA256 2121f7e216d2b2d7b401808f53afc4b34cf756d8f99786a10ffe25587e2dd134
ssdeep 24576:04Hmwi97BTBZTVFVV0kzF2s6VMtDN0QBTryyaY+3JzuCR:hHmJZ5zFztDN0QlGYoPR
authentihash 23d53992ff66abf51e74d723ee01c5f61462188ad4b5bb5e48d5dd985244a27a
imphash 2f6203366bc5aa9ff8b6cf7753ead32d
File size 1.1 MB ( 1202780 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (21.8%)
Win64 Executable (generic) (19.3%)
UPX compressed Win32 Executable (18.9%)
Win32 EXE Yoda's Crypter (18.6%)
Windows screen saver (9.1%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2016-01-02 15:03:10 UTC ( 2 years, 9 months ago )
Last submission 2016-08-19 05:51:01 UTC ( 2 years, 2 months ago )
File names 1451746803-fsame.exe
787384
fsame.exe
2121F7E216D2B2D7B401808F53AFC4B34CF756D8F99786A10FFE25587E2DD134
fsame.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications