SHA256: 2585329bea3ebca59366119530eadb127415d3d6d5296b3823db7e75f0ddfc60
File name: VirusShare_08b574f830a0d55cbfbce189c417e446
Detection ratio: 24 / 72
Analysis date: 2019-01-07 06:57:18 UTC ( 4 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.KD.76070 20190107
ALYac Trojan.Generic.KD.76070 20190107
Antiy-AVL Trojan/Win32.SGeneric 20190106
Arcabit Trojan.Generic.KD.D12926 20190107
AVG FileRepMetagen [Malware] 20190107
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Trojan.Generic.KD.76070 20190107
Cybereason malicious.830a0d 20180225
Cylance Unsafe 20190107
Cyren W32/GenBl.08B574F8!Olympus 20190107
Emsisoft Trojan.Generic.KD.76070 (B) 20190107
F-Secure Trojan.Generic.KD.76070 20190107
GData Trojan.Generic.KD.76070 20190107
MAX malware (ai score=97) 20190107
McAfee Artemis!08B574F830A0 20190107
McAfee-GW-Edition Artemis!Trojan 20190107
eScan Trojan.Generic.KD.76070 20190107
Qihoo-360 Trojan.Generic 20190107
Rising Trojan.Win32.Generic.1372AFCA (C64:YzY0Ov0PbcDPzpRP) 20190107
Symantec ML.Attribute.HighConfidence 20190106
Trapmine malicious.moderate.ml.score 20190103
VIPRE Trojan.Win32.Generic!BT 20190106
Webroot Adware.MyLinker 20190107
Yandex Trojan.Gendal!OSIpjv8AwlA 20181229
Acronis 20181227
AegisLab 20190107
AhnLab-V3 20190106
Alibaba 20180921
Avast 20190107
Avast-Mobile 20190106
Avira (no cloud) 20190107
Babable 20180918
Baidu 20190104
Bkav 20190104
CAT-QuickHeal 20190106
ClamAV 20190107
CMC 20190106
Comodo 20190107
CrowdStrike Falcon (ML) 20181022
DrWeb 20190107
eGambit 20190107
Endgame 20181108
ESET-NOD32 20190107
F-Prot 20190107
Fortinet 20190107
Ikarus 20190106
Sophos ML 20181128
Jiangmin 20190107
K7AntiVirus 20190107
K7GW 20190106
Kaspersky 20190107
Kingsoft 20190107
Malwarebytes 20190107
Microsoft 20190107
NANO-Antivirus 20190107
Palo Alto Networks (Known Signatures) 20190107
Panda 20190106
SentinelOne (Static ML) 20181223
Sophos AV 20190107
SUPERAntiSpyware 20190102
TACHYON 20190107
Tencent 20190107
TheHacker 20190106
TotalDefense 20190106
TrendMicro 20190107
TrendMicro-HouseCall 20190107
Trustlook 20190107
VBA32 20190104
ViRobot 20190107
Zillya 20190105
ZoneAlarm by Check Point 20190107
Zoner 20190107
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2007 SHOTECH Corp.

Product MiniOtto
Original name MiniOtto
Internal name MiniOtto
File version 1, 0, 3, 32
Description MiniOtto Service Agent
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-01 05:16:00
Entry Point 0x00070310
Number of sections 4
PE sections
Overlays
MD5 0e8122b89dc6289181d44e312148c224
File type data
Offset 847872
Size 2048
Entropy 7.90
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
DirectDrawCreate
PatBlt
OffsetRgn
CreatePen
CreateFontIndirectA
CombineRgn
SetStretchBltMode
GetDeviceCaps
DeleteDC
SetBkMode
SetPixel
DeleteObject
BitBlt
CreateDIBSection
GetObjectA
GetCurrentObject
FillRgn
FrameRgn
GetStockObject
ExtCreateRegion
CreateCompatibleDC
StretchBlt
CreateRectRgn
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
GetTextExtentPoint32W
CreateCompatibleBitmap
GetLastError
EnterCriticalSection
ReleaseMutex
TerminateThread
lstrlenA
GlobalFree
WaitForSingleObject
SetEvent
QueryPerformanceCounter
MulDiv
CopyFileA
GetTickCount
GlobalUnlock
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetPriorityClass
SizeofResource
SetThreadPriority
GetCurrentProcessId
OpenProcess
LockResource
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
InterlockedDecrement
MultiByteToWideChar
WinExec
GetProcAddress
VirtualProtectEx
GetCurrentThread
SetFileAttributesA
CreateMutexA
GetSystemDefaultLangID
_lclose
QueryPerformanceFrequency
GetShortPathNameA
GlobalReAlloc
GetModuleHandleA
lstrcpyA
GetStartupInfoA
CloseHandle
lstrcpynA
GetSystemDirectoryA
GetACP
GlobalLock
GetCurrentThreadId
GetThreadPriority
SetPriorityClass
FreeLibrary
LocalFree
ResumeThread
WideCharToMultiByte
InitializeCriticalSection
LoadResource
WriteFile
GlobalAlloc
CreateEventA
VirtualQueryEx
InterlockedIncrement
Sleep
_lcreat
CreateFileA
GetVersion
FindResourceA
LocalAlloc
LeaveCriticalSection
AlphaBlend
_purecall
__p__fmode
malloc
abs
rand
realloc
memset
fclose
strcat
__dllonexit
_wcslwr
_controlfp
_wcsicmp
fflush
strchr
_rotr
_fstat
_endthreadex
fread
fopen
strlen
_vsnwprintf
_except_handler3
?terminate@@YAXXZ
strtok
fseek
_mbscmp
__CxxFrameHandler
_onexit
wcslen
wcscmp
ftell
_beginthreadex
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
srand
_adjust_fdiv
_acmdln
_mbsicmp
_CxxThrowException
memcmp
_itoa
wcschr
__p__commode
_fileno
_strcmpi
free
_strnicmp
atoi
floor
atol
__getmainargs
calloc
atof
_initterm
_rotl
_setmbcp
wcsncpy
memmove
wcsspn
clock
memcpy
wcscpy
strcpy
_ftol
time
wcsstr
_exit
_wtoi
_EH_prolog
strcmp
fgetws
__set_app_type
SysFreeString
VariantInit
SysAllocStringLen
Ord(251)
FindExecutableA
Shell_NotifyIconW
SHGetSpecialFolderPathA
SHAppBarMessage
ShellExecuteA
Shell_NotifyIconA
GetMessagePos
SetWindowRgn
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
SetMenuItemInfoA
SetMenuItemInfoW
GetDC
GetCursorPos
DrawTextA
SendMessageW
UnregisterClassA
SendMessageA
GetClientRect
DrawTextW
LoadImageA
PtInRect
DrawEdge
GetParent
UpdateWindow
EqualRect
ShowWindow
SetClassLongA
DrawFrameControl
EnableWindow
GetWindow
IsIconic
GetWindowLongA
SetTimer
FillRect
CopyRect
IsChild
SetFocus
DrawAnimatedRects
GetMessageA
PostMessageA
OffsetRect
KillTimer
RegisterWindowMessageA
DefWindowProcA
GetSystemMetrics
GetWindowRect
SetCapture
ReleaseCapture
SetWindowLongA
SetWindowTextA
GetSubMenu
SetWindowTextW
BringWindowToTop
ScreenToClient
GetClassLongA
FindWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemInfoA
AttachThreadInput
FlashWindow
SetForegroundWindow
PostThreadMessageA
GetMenuItemInfoW
ReleaseDC
LoadMenuA
GetCapture
FindWindowA
GetWindowThreadProcessId
MessageBoxW
FlashWindowEx
UnhookWindowsHookEx
SetRectEmpty
GetCursor
GetSysColor
GetKeyState
SystemParametersInfoA
DestroyIcon
IsWindowVisible
FrameRect
SetRect
DeleteMenu
InvalidateRect
wsprintfA
ModifyMenuW
IsRectEmpty
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
PlaySoundA
GetAdaptersInfo
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateStreamOnHGlobal
CoCreateInstance
CreateBindCtx
CoTaskMemFree
RevokeBindStatusCallback
CreateURLMoniker
RegisterBindStatusCallback
Number of PE resources by type
SKIN 41
RT_BITMAP 23
SKINGIF 20
RGN 14
RT_ICON 9
RT_GROUP_ICON 7
RT_HTML 3
RT_DIALOG 2
RT_CURSOR 2
RT_GROUP_CURSOR 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 122
KOREAN 2
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.3.32

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
MiniOtto Service Agent

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
348160

EntryPoint
0x70310

OriginalFileName
MiniOtto

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2007 SHOTECH Corp.

FileVersion
1, 0, 3, 32

TimeStamp
2007:10:01 07:16:00+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
MiniOtto

ProductVersion
1, 0, 3, 32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SHOTECH Corp.

CodeSize
507904

ProductName
MiniOtto

ProductVersionNumber
1.0.3.32

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 08b574f830a0d55cbfbce189c417e446
SHA1 fd168b3c87c8278c9d76f3a20ee353cee2d3cfec
SHA256 2585329bea3ebca59366119530eadb127415d3d6d5296b3823db7e75f0ddfc60
ssdeep
12288:OtbUUaqp4gK5Vh+blVBGY7xtmeLpbK6V8G92Q+FjKsx:6A3c495LCtkGFKy8G92FjKsx

authentihash f84c888cdae86e008806cf2e6f8cced3f4c4f79d81bb3219c587b5b8be2b7023
imphash 354e7aecf6a9f88c6bb0c4f34a91c591
File size 830.0 KB ( 849920 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2009-03-18 03:12:58 UTC ( 10 years, 2 months ago )
Last submission 2019-01-07 06:57:18 UTC ( 4 months, 1 week ago )
File names VirusShare_08b574f830a0d55cbfbce189c417e446
08B574F830A0D55CBFBCE189C417E446
0fFjDc.tar.bz2
miniotto.exe
EI3EgDIk.odt
MiniOtto
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight