SHA256: 2714253ae4686360b45acd3fb2658966b6f61957a0b42d93cccad4a098b0a9da
File name: _load.exe
Detection ratio: 10 / 46
Analysis date: 2013-05-15 18:41:19 UTC ( 11 months, 1 week ago )
Antivirus Result Update
AVG Downloader.Agent2.BMSX 20130515
BitDefender Gen:Variant.Graftor.91143 20130515
ESET-NOD32 Win32/TrojanDownloader.Agent.RUT 20130515
Emsisoft Trojan-Downloader.Win32.Agent.AMN (A) 20130515
GData Gen:Variant.Graftor.91143 20130515
Ikarus Win32.SuspectCrc 20130515
MicroWorld-eScan Gen:Variant.Graftor.91143 20130515
Panda Suspicious file 20130515
TrendMicro-HouseCall TROJ_GEN.F47V0514 20130515
VIPRE Trojan.Win32.Generic!BT 20130515
No detection (the remaining 36 engines; result column empty):
Agnitum 20130515
AhnLab-V3 20130515
AntiVir 20130515
Antiy-AVL 20130515
Avast 20130515
ByteHero 20130513
CAT-QuickHeal 20130515
ClamAV 20130515
Commtouch 20130515
Comodo 20130515
DrWeb 20130515
F-Prot 20130515
F-Secure 20130515
Fortinet 20130515
Jiangmin 20130515
K7AntiVirus 20130515
K7GW 20130515
Kaspersky 20130515
Kingsoft 20130506
Malwarebytes 20130515
McAfee 20130515
McAfee-GW-Edition 20130515
Microsoft 20130515
NANO-Antivirus 20130515
Norman 20130515
PCTools 20130515
SUPERAntiSpyware 20130515
Sophos 20130515
Symantec 20130515
TheHacker 20130514
TotalDefense 20130515
TrendMicro 20130515
VBA32 20130515
ViRobot 20130515
eSafe 20130513
nProtect 20130515
The file is a Portable Executable (PE): a Win32 EXE built for the Windows GUI subsystem.
Authenticode signature block
Copyright 2002
Publisher Mandiant
Product Mandiant
File version 7.0.0.2
Description Mandiant
These are the file's own version-resource strings; the page lists no signer, certificate or verification result, so nothing in this block is attested. A 2002 copyright and a "Mandiant" publisher on a binary whose compile timestamp is 2013-05-13 (PE header below) and which matches an Armadillo packer signature is a mismatch to treat as a triage signal, not as provenance.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-13 11:22:24 (UTC)
Link date 12:22 PM 5/13/2013 (the same timestamp rendered in UTC+01:00, matching the ExifTool TimeStamp field below)
Entry Point 0x0000B064
Number of sections 4
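To show where the header fields above are read from, here is an added example (not code from VirusTotal or from Mandiant) that builds a minimal PE32 image in memory carrying this report's values (i386 machine, 4 sections, the 2013-05-13 11:22:24 UTC timestamp, entry point 0xB064, linker 8.0, GUI subsystem version 4.0) and parses them back the way a report generator does. The image is constructed for the example: it has no section table and no code, and it is not the analysed file.

```python
"""Read the PE header fields a malware report summarises (machine, section
count, compile timestamp, entry point, linker and subsystem versions).
Added example, not code from VirusTotal or Mandiant. The image is constructed
in memory with this report's header values; it is not _load.exe."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC = 0x010B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
SIZEOF_FILE_HEADER = 20
SIZEOF_OPTIONAL_HEADER32 = 224


def build_minimal_pe32(machine, nsections, timestamp, entry_point,
                       linker=(8, 0), subsystem=2, subsys_ver=(4, 0)):
    """Constructed PE32 image: DOS header, NT signature, file header and
    optional header only. No sections or code, so it just feeds the parser."""
    e_lfanew = 0x40
    dos = (struct.pack("<H", IMAGE_DOS_SIGNATURE) + b"\0" * (0x3C - 2)
           + struct.pack("<I", e_lfanew))
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXE, 32-bit)
    file_hdr = struct.pack("<HHIIIHH", machine, nsections, timestamp, 0, 0,
                           SIZEOF_OPTIONAL_HEADER32, 0x0102)
    # Magic, linker major/minor, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", PE32_MAGIC, linker[0], linker[1],
                      51200, 1018368, 0, entry_point, 0x1000, 0x10000)
    # ImageBase, SectionAlignment, FileAlignment, OS version, image version,
    # subsystem version, Win32VersionValue
    opt += struct.pack("<IIIHHHHHHI", 0x400000, 0x1000, 0x200,
                       subsys_ver[0], subsys_ver[1], 0, 0,
                       subsys_ver[0], subsys_ver[1], 0)
    # SizeOfImage, SizeOfHeaders, CheckSum, Subsystem, DllCharacteristics
    opt += struct.pack("<IIIHH", 0x20000, 0x400, 0, subsystem, 0)
    # Stack/heap reserve and commit, LoaderFlags, NumberOfRvaAndSizes, dirs
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (8 * 16)
    assert len(opt) == SIZEOF_OPTIONAL_HEADER32
    return dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + opt


def parse_pe_header(image):
    """Return the header facts shown in the report. Every offset comes from
    the file, so bounds are checked before use and ValueError is raised on
    a malformed image instead of trusting it."""
    if len(image) < 0x40 or struct.unpack_from("<H", image, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    nt_end = e_lfanew + 4 + SIZEOF_FILE_HEADER
    if nt_end > len(image):
        raise ValueError("e_lfanew points outside the image")
    if struct.unpack_from("<I", image, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    opt = nt_end
    if opt_size < 72 or opt + opt_size > len(image):
        raise ValueError("truncated optional header")
    magic, maj_link, min_link = struct.unpack_from("<HBB", image, opt)
    if magic != PE32_MAGIC:
        raise ValueError("not a PE32 image (magic 0x%04x)" % magic)
    entry_point = struct.unpack_from("<I", image, opt + 16)[0]
    maj_sub, min_sub = struct.unpack_from("<HH", image, opt + 48)
    subsystem = struct.unpack_from("<H", image, opt + 68)[0]
    compiled = datetime.fromtimestamp(ts, tz=timezone.utc)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": ts,
        "compiled_utc": compiled.strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": entry_point,
        "linker": "%d.%d" % (maj_link, min_link),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "subsystem_version": "%d.%d" % (maj_sub, min_sub),
    }


def safe_parse(image):
    """For batch triage: never raises, reports the failure in the result."""
    try:
        return parse_pe_header(image)
    except ValueError as exc:
        return {"error": str(exc)}


# Header values from this report; 1368444144 is 2013-05-13 11:22:24 UTC.
REPORT_IMAGE = build_minimal_pe32(IMAGE_FILE_MACHINE_I386, 4, 1368444144, 0xB064)

if __name__ == "__main__":
    for key, value in parse_pe_header(REPORT_IMAGE).items():
        print("%-18s %s" % (key, value))
```

The timestamp is the 32-bit seconds-since-epoch field in IMAGE_FILE_HEADER, which is why the report can show it in UTC while ExifTool shows it shifted by the local offset; it is also writable by anyone with a hex editor, so it is a clue, not evidence.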
PE sections
PE imports (the report does not name the importing module; every function listed below is a kernel32.dll export). LoadLibraryA and GetProcAddress next to VirtualAlloc are the usual pair for resolving the real API set at run time, consistent with the packer match above. Several of the others (PurgeComm, SetupComm, TransactNamedPipe, BackupWrite, SwitchToFiber, DeleteAtom, UpdateResourceA, GetThreadPriorityBoost) are rarely seen together in a small GUI program; before attaching meaning to any of them, confirm that the unpacked code actually references them, since an import table can carry entries that are never called.
GetLastError
HeapFree
GetStdHandle
GetComputerNameW
SetHandleCount
GetThreadPriorityBoost
GetModuleFileNameW
PurgeComm
LCMapStringA
HeapDestroy
ExitProcess
SetFileApisToANSI
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
TransactNamedPipe
FindFirstChangeNotificationW
FreeEnvironmentStringsA
SetupComm
GetStartupInfoA
SwitchToThread
GetEnvironmentStrings
GetStringTypeW
GetFileSize
LCMapStringW
SetFilePointer
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
SetStdHandle
FreeEnvironmentStringsW
BackupWrite
GetCommandLineA
GetProcAddress
_lread
CreateFileMappingW
GetModuleHandleA
WideCharToMultiByte
GetStringTypeA
_lcreat
DeleteCriticalSection
WriteFile
GetCurrentProcess
DeleteAtom
CloseHandle
SwitchToFiber
GetACP
HeapReAlloc
UpdateResourceA
FreeLibrary
GetPrivateProfileIntW
TerminateProcess
GetModuleFileNameA
HeapCreate
VirtualFree
LocalHandle
GetFileType
SetFileAttributesW
HeapAlloc
GetVersion
VirtualAlloc
GetCurrentProcessId
GetOEMCP
Number of PE resources by type
RT_MENU 2
RT_ACCELERATOR 1
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 6
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.0.2
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 1018368
MIMEType application/octet-stream
LegalCopyright 2002
FileVersion 7.0.0.2
TimeStamp 2013:05:13 12:22:24+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:03:06 11:03:05+01:00
ProductVersion 7.0.0.2
FileDescription Mandiant
OSVersion 4.0
FileCreateDate 2014:03:06 11:03:05+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Mandiant
CodeSize 51200
ProductName Mandiant
ProductVersionNumber 7.0.0.2
EntryPoint 0xb064
ObjectFileType Executable application
Compressed bundles
File identification
MD5 bcadffb2117751fb89a4bb8768681030
SHA1 23c7e89335bdd476612bfd6767d7e44f473dabba
SHA256 2714253ae4686360b45acd3fb2658966b6f61957a0b42d93cccad4a098b0a9da
ssdeep 1536:dmrhT3nec70AQXsYNEhbQ8TWmMNkBCdfdHokoyy0T0:QhTecQ8cEhbQ8TWmMNddfvoKT0
imphash 6dd22df6f99e20ac6cb456f799f08f54
File size 60.5 KB ( 61952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
     Win32 Dynamic Link Library (generic) (14.2%)
     Win32 Executable (generic) (9.7%)
     Generic Win/DOS Executable (4.3%)
     DOS Executable Generic (4.3%)
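The imphash line above is the import hash Mandiant published for clustering samples: an MD5 over the lowercased "dll.function" pairs in import-table order, with the .dll/.ocx/.sys suffix removed. The following is an added example of that computation, not the code VirusTotal runs. Its import list is constructed from a few of the functions shown in this report and assumes they come from kernel32.dll in that order, which the report itself does not state, so the value it prints is not the report's hash.

```python
"""Import hash (imphash): MD5 over lowercased "dll.function" pairs in
import-table order, extension stripped. Added example, not VirusTotal's
code. SAMPLE_IMPORTS is constructed: a few functions from this report,
assumed to be kernel32.dll imports in this order. Named imports only;
ordinal-only imports would need resolving to names first."""
import hashlib

STRIP_EXTS = (".dll", ".ocx", ".sys")


def imphash_input(imports):
    """Canonical string the hash is taken over. imports: ordered (dll, func)."""
    parts = []
    for dll, func in imports:
        name = dll.lower()
        for ext in STRIP_EXTS:
            if name.endswith(ext):
                name = name[: -len(ext)]
                break
        parts.append("%s.%s" % (name, func.lower()))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical string; order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_input(imports).encode("ascii")).hexdigest()


# Constructed sample: the first few imports from the report, assumed kernel32.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "HeapFree"),
    ("KERNEL32.dll", "GetStdHandle"),
    ("KERNEL32.dll", "LoadLibraryA"),
    ("KERNEL32.dll", "GetProcAddress"),
]

if __name__ == "__main__":
    print(imphash_input(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    # Same functions, different order: a different hash. That is the point,
    # and also why adding or reordering unused imports evades imphash matching.
    print(imphash(list(reversed(SAMPLE_IMPORTS))))
```

The report's value 6dd22df6f99e20ac6cb456f799f08f54 cannot be reproduced from this page because the import list above gives neither module names nor a guaranteed order; to reproduce it, parse the import directory of the sample itself (pefile's get_imphash() does exactly this computation).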
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-05-14 06:31:26 UTC ( 11 months, 2 weeks ago )
Last submission 2013-05-18 11:06:25 UTC ( 11 months, 1 week ago )
File names _load.exe-W9hvAW
bcadffb2117751fb89a4bb8768681030.exe
11010303
file-5499297_exe
_load.exe
bcadffb2117751fb89a4bb8768681030
output.11010303.txt
load.ex
_load.exe
35701746-9-68_1._load.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight