SHA256: 2a4db3d28b0b8da7d31e5f91b1ea7852c8198349eae5a4d189b831ec076ecc9d
File name: EmuStudio.exe
Detection ratio: 1 / 49
Analysis date: 2014-04-04 12:22:22 UTC ( 8 months ago )
Antivirus             Result                                  Update
Comodo                ApplicUnwnt.Win32.AdWare.GameVance.FGK  20140404
AVG                                                           20140404
Ad-Aware                                                      20140404
AegisLab                                                      20140404
Agnitum                                                       20140403
AhnLab-V3                                                     20140404
AntiVir                                                       20140404
Antiy-AVL                                                     20140404
Avast                                                         20140404
Baidu-International                                           20140404
BitDefender                                                   20140404
Bkav                                                          20140404
ByteHero                                                      20140404
CAT-QuickHeal                                                 20140404
CMC                                                           20140404
ClamAV                                                        20140404
Commtouch                                                     20140404
DrWeb                                                         20140404
ESET-NOD32                                                    20140404
Emsisoft                                                      20140404
F-Prot                                                        20140404
F-Secure                                                      20140404
Fortinet                                                      20140404
GData                                                         20140404
Ikarus                                                        20140404
Jiangmin                                                      20140404
K7AntiVirus                                                   20140404
K7GW                                                          20140404
Kaspersky                                                     20140404
Kingsoft                                                      20140404
Malwarebytes                                                  20140404
McAfee                                                        20140404
McAfee-GW-Edition                                             20140403
MicroWorld-eScan                                              20140404
Microsoft                                                     20140404
NANO-Antivirus                                                20140404
Norman                                                        20140404
Panda                                                         20140404
Qihoo-360                                                     20140404
Rising                                                        20140404
SUPERAntiSpyware                                              20140404
Sophos                                                        20140404
TheHacker                                                     20140402
TotalDefense                                                  20140403
TrendMicro                                                    20140404
TrendMicro-HouseCall                                          20140404
VBA32                                                         20140403
VIPRE                                                         20140404
ViRobot                                                       20140404
nProtect                                                      20140403
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-12 23:23:23
Link date 12:23 AM 4/13/2013
Entry Point 0x00036120
Number of sections 5
PE sections
PE imports
DirectDrawCreate
CreateRectRgn
DeleteDC
SelectObject
GetStockObject
CreateRectRgnIndirect
CombineRgn
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetSystemInfo
VirtualProtect
GetOEMCP
QueryPerformanceCounter
HeapDestroy
ExitProcess
IsBadWritePtr
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetPriorityClass
GetEnvironmentStrings
GetFileType
SetConsoleCtrlHandler
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
DebugBreak
GetCurrentThread
SetStdHandle
GetModuleHandleA
CreateThread
GetStringTypeA
SetFilePointer
GetSystemTimeAsFileTime
ReadFile
InterlockedExchange
WriteFile
GetStartupInfoA
HeapValidate
CloseHandle
FreeConsole
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
SetPriorityClass
TerminateProcess
GetThreadPriority
LCMapStringA
HeapCreate
VirtualQuery
VirtualFree
AllocConsole
InterlockedDecrement
Sleep
IsBadReadPtr
SetEndOfFile
GetLocaleInfoA
CreateFileA
SetThreadPriority
GetCurrentThreadId
VirtualAlloc
SetCurrentDirectoryA
InterlockedIncrement
DragAcceptFiles
DragFinish
DragQueryFileA
GetMessageA
UpdateWindow
BeginPaint
keybd_event
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
GetSystemMetrics
GetWindowRect
DispatchMessageA
RegisterClassA
UnhookWindowsHookEx
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
TranslateMessage
CallNextHookEx
GetKeyState
GetAsyncKeyState
ReleaseDC
SetWindowTextA
GetClientRect
ClientToScreen
InvalidateRect
CreateWindowExA
LoadCursorA
LoadIconA
SetWindowsHookExA
EndPaint
GetWindowInfo
DestroyWindow
timeBeginPeriod
timeGetDevCaps
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipFree
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 2
RT_DIALOG 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
RUSSIAN 22
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:04:13 00:23:23+01:00
FileType Win32 EXE
PEType PE32
CodeSize 307200
LinkerVersion 7.1
FileAccessDate 2014:04:04 13:20:27+01:00
EntryPoint 0x36120
InitializedDataSize 1077248
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:04:04 13:20:27+01:00
UninitializedDataSize 0
Compressed bundles
File identification
MD5 901f7c515e5e20ef120900ff84a034f6
SHA1 0106d422b7cf22076b561d2f97869a9118122d49
SHA256 2a4db3d28b0b8da7d31e5f91b1ea7852c8198349eae5a4d189b831ec076ecc9d
ssdeep 6144:h/xzaZIjVDY7VCHkEQ2/z7zBEOx0NRwUQRa:hHVDY7wHkEQ2/z76Oxu
imphash 02c3a0350d0a9a31fddba83d941d7f3f
File size 436.0 KB ( 446464 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID
Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe installshield

VirusTotal metadata
First submission 2014-04-04 09:44:10 UTC ( 8 months ago )
Last submission 2014-04-04 12:22:22 UTC ( 8 months ago )
File names EmuStudio.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files