SHA256: 2408aaffa7c81cdd6be2c030fdd76f88b15e255d67854feadb2874184e3b0a2f
File name: screensaver_easter_eggs.exe
Detection ratio: 3 / 57
Analysis date: 2015-10-18 13:03:37 UTC (3 years, 7 months ago)
Antivirus Result Update
DrWeb Trojan.MulDrop5.14689 20151018
K7AntiVirus Riskware ( 0040eff71 ) 20151018
K7GW Riskware ( 0040eff71 ) 20151018
Ad-Aware 20151018
AegisLab 20151018
Yandex 20151017
AhnLab-V3 20151018
Alibaba 20151016
ALYac 20151018
Antiy-AVL 20151018
Arcabit 20151018
Avast 20151018
AVG 20151018
Avira (no cloud) 20151018
AVware 20151018
Baidu-International 20151018
BitDefender 20151018
Bkav 20151017
ByteHero 20151018
CAT-QuickHeal 20151017
ClamAV 20151018
CMC 20151016
Comodo 20151018
Cyren 20151018
Emsisoft 20151018
ESET-NOD32 20151018
F-Prot 20151018
F-Secure 20151017
Fortinet 20151018
GData 20151018
Ikarus 20151018
Jiangmin 20151017
Kaspersky 20151018
Kingsoft 20151018
Malwarebytes 20151018
McAfee 20151018
McAfee-GW-Edition 20151018
Microsoft 20151018
eScan 20151018
NANO-Antivirus 20151018
nProtect 20151016
Panda 20151018
Qihoo-360 20151018
Rising 20151017
Sophos AV 20151018
SUPERAntiSpyware 20151018
Symantec 20151017
Tencent 20151018
TheHacker 20151017
TotalDefense 20151016
TrendMicro 20151018
TrendMicro-HouseCall 20151018
VBA32 20151016
VIPRE 20151018
ViRobot 20151018
Zillya 20151017
Zoner 20151018
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-08 18:20:03
Entry Point 0x00006293
Number of sections 4
PE sections
Overlays
MD5 36b74f00eb0480c905b19123f55f09d4
File type data
Offset 143360
Size 3793192
Entropy 7.96
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
GetConsoleCP
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellExecuteA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
RUSSIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:03:08 19:20:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 8.0
EntryPoint 0x6293
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 301d77f71f0326b43af271bb9777bfdf
SHA1 169d3e7eabb4f6312719f0420fc7852b1d07c458
SHA256 2408aaffa7c81cdd6be2c030fdd76f88b15e255d67854feadb2874184e3b0a2f
ssdeep 98304:fEyOj7nuTORAEUGwqAfUmP7ra+I7Eo68VfX+:4XuWUGwTrqNNX+

authentihash 7675ca2a6fabf5d0dcc9506d668167de1e3a518c2ba69e64f5732ac7dd7ac5f2
imphash bbaa6df883da7768c895ff451a9e3564
File size 3.8 MB (3936552 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-02-22 07:18:12 UTC (7 years, 3 months ago)
Last submission 2015-10-18 13:03:37 UTC (3 years, 7 months ago)
File names screensaver_easter_eggs.exe
2408AAFFA7C81CDD6BE2C030FDD76F88B15E255D67854FEADB2874184E3B0A2F
easter-eggs-animated-screensaver-507.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0111.
