SHA256: 2667c592d5165a190791ce535a59e381a840708d33987bb795712917953f2529
File name: b282b8991cfb36d6e29190aa87ddd67e
Detection ratio: 35 / 43
Analysis date: 2012-03-25 20:39:13 UTC ( 2 years ago )
Antivirus Result Update
AVG Generic_r.EZ 20120325
AhnLab-V3 Adware/Win32.Hotbar 20120325
AntiVir ADSPY/AdSpy.Gen2 20120325
Avast Win32:HotBar-BE [PUP] 20120325
BitDefender Gen:Variant.Adware.Hotbar.1 20120325
CAT-QuickHeal Adware.Hotbar.AZ4 20120325
ClamAV Suspect.W32.AdInstall.PBCXP 20120325
Commtouch W32/HotBar.L.gen!Eldorado 20120325
Comodo ApplicUnwnt.Win32.AdWare.HotBar.DE 20120325
DrWeb Adware.Hotbar.700 20120325
Emsisoft AdWare.Win32.HotBar!IK 20120325
F-Prot W32/HotBar.L.gen!Eldorado 20120325
F-Secure Gen:Variant.Adware.Hotbar.2 20120325
Fortinet Adware/Hotbar 20120324
GData Gen:Variant.Adware.Hotbar.1 20120325
Ikarus AdWare.Win32.HotBar 20120325
Jiangmin AdWare/ScreenSaver.oj 20120325
K7AntiVirus Adware 20120323
Kaspersky not-a-virus:AdWare.Win32.ScreenSaver.i 20120325
McAfee Adware-HotBar.f 20120325
McAfee-GW-Edition Adware-HotBar.f 20120325
Microsoft Adware:Win32/Hotbar 20120325
NOD32 a variant of Win32/Adware.HotBar.K 20120325
Norman W32/180Solutions.BQC 20120325
PCTools Adware.Clkpotato 20120323
Rising Trojan.Win32.Generic.12BC75B0 20120323
SUPERAntiSpyware Adware.Agent/Gen-Zango 20120323
Sophos ClickPotato Installer 20120325
Symantec Adware.Clkpotato!gen3 20120325
TrendMicro HeurSpy_Zango-3 20120325
TrendMicro-HouseCall HeurSpy_Zango-3 20120325
VBA32 BScope.Injector.xg 20120323
VIPRE Pinball Corporation. (v) 20120325
eSafe Win32.ADSPYAdSpy 20120325
eTrust-Vet Win32/Zango.Pinball[HOTBAR] 20120323
Antiy-AVL 20120325
ByteHero 20120319
Panda 20120325
Prevx 20120325
TheHacker 20120325
ViRobot 20120325
VirusBuster 20120323
nProtect 20120325
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
File version 2.0.655.0
Description Installer
Signing date 9:41 PM 3/25/2012
PE header basic information
Number of sections 3
PE sections
PE imports
RegCloseKey
PatBlt
GetAdaptersInfo
LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
UrlEscapeA
VerQueryValueA
CoInitialize
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 8192
ImageVersion 0.0
FileVersionNumber 2.0.655.0
UninitializedDataSize 315392
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 9.0
MIMEType application/octet-stream
FileVersion 2.0.655.0
TimeStamp 2012:03:08 17:05:53+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.655.0
FileDescription Installer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 229376
FileSubtype 0
ProductVersionNumber 2.0.655.0
EntryPoint 0x85db0
ObjectFileType Executable application

File identification
MD5 b282b8991cfb36d6e29190aa87ddd67e
SHA1 36f0500289665bfce7cd7f0093db02e0db7b6af9
SHA256 2667c592d5165a190791ce535a59e381a840708d33987bb795712917953f2529
ssdeep 3072:blELL7XOCw0xQCdMey44tVkZj+8FzB7C1XWLmjPUXiYR8Pyqsk7CWsDPRa2C:Y3kOMeaavF17EP6qyqs6nsDPR5C
File size 236.2 KB ( 241848 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit, UPX compressed
TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
Tags
signed

VirusTotal metadata
First submission 2012-03-22 18:27:43 UTC ( 2 years ago )
Last submission 2012-03-25 20:39:13 UTC ( 2 years ago )
File names VLCSetup.exe?rnd=135312
2667c592d5165a190791ce535a59e381a840708d33987bb795712917953f2529
b282b8991cfb36d6e29190aa87ddd67e
output.1346653.txt
1346653
output.1347411.txt
VLCSetup.exe
1347411