SHA256: 2a44dadb748a93ac87ad10f643426192d7beb993c4046fe546b1fb11981e7f0b
File name: file.exe
Detection ratio: 1 / 45
Analysis date: 2013-03-12 09:14:06 UTC ( 1 year, 1 month ago )
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20130312
AVG 20130312
Agnitum 20130312
AhnLab-V3 20130312
AntiVir 20130312
Antiy-AVL 20130311
Avast 20130312
BitDefender 20130312
ByteHero 20130304
ClamAV 20130312
Commtouch 20130312
Comodo 20130312
DrWeb 20130312
ESET-NOD32 20130312
Emsisoft 20130312
F-Prot 20130312
F-Secure 20130312
Fortinet 20130312
GData 20130312
Ikarus 20130312
Jiangmin 20130311
K7AntiVirus 20130311
Kaspersky 20130312
Kingsoft 20130311
Malwarebytes 20130312
McAfee 20130312
McAfee-GW-Edition 20130312
MicroWorld-eScan 20130312
Microsoft 20130312
NANO-Antivirus 20130312
Norman 20130311
PCTools 20130312
Panda 20130311
SUPERAntiSpyware 20130312
Sophos 20130312
Symantec 20130312
TheHacker 20130311
TotalDefense 20130312
TrendMicro 20130312
TrendMicro-HouseCall 20130312
VBA32 20130312
VIPRE 20130312
ViRobot 20130312
eSafe 20130307
nProtect 20130312
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-09 08:46:01
Entry Point 0x00001000
Number of sections 17
PE sections
PE imports
GetModuleHandleA
fclose
_mmap64
strtoul
strtoull
fflush
strtol
fputc
strtod
fwrite
strtof
fputs
_fstat64
regcomp
__errno
dup2
read
memcpy
strstr
__ctype_ptr__
__getreent
opendir
strcmp
memchr
strncmp
toupper
snprintf
optind
memset
readdir
close
strlcat
strchr
strlcpy
regfree
access
exit
strrchr
regexec
munmap
strcspn
asprintf
gmtime
free
_impure_ptr
asctime_r
_fopen64
wcwidth
_exit
_daylight
setlocale
realloc
_open64
printf
pread
cygwin_detach_dll
puts
_lseek64
_dll_crt0@0
qsort
putc
dup
strdup
unlink
fork
mktime
_fcntl64
execvp
getenv
vfprintf
cygwin_internal
strerror
getline
malloc
strndup
mbrtowc
abort
fprintf
strlen
_lstat64
write
ctime_r
rewind
mkstemp
waitpid
optarg
tolower
vasprintf
dll_dllcrt0
regerror
closedir
readlink
calloc
getopt_long
__assert_func
iswprint
pipe
__main
_stat64
utimes
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows command line
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2013:03:09 09:46:01+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 75776
LinkerVersion: 2.22
EntryPoint: 0x1000
InitializedDataSize: 24064
SubsystemVersion: 4.0
ImageVersion: 1.0
OSVersion: 4.0
UninitializedDataSize: 1024

File identification
MD5 a3d647e56b8f4b8a214dfee1b64085b2
SHA1 b7ad0a739852b9954e4b001dc8ea51215f2b7a89
SHA256 2a44dadb748a93ac87ad10f643426192d7beb993c4046fe546b1fb11981e7f0b
ssdeep 6144:ysEIgt0OP/0EKj8NPR7MvbZj11vSwD+f66oz/:ysEIgKOP+Ac+f66oz/
File size 314.2 KB ( 321703 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-03-12 09:14:06 UTC ( 1 year, 1 month ago )
Last submission 2013-03-12 09:14:06 UTC ( 1 year, 1 month ago )
File names file.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight