SHA256: 3358f50d7378862e2c717c1a1e31f6a051b76b06470272619af333c49442f676
File name: wtf1.exe
Detection ratio: 1 / 42
Analysis date: 2012-04-29 17:49:32 UTC ( 5 years, 3 months ago )
Antivirus Result Update
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20120423
AhnLab-V3 20120423
AntiVir 20120424
Antiy-AVL 20120424
Avast 20120423
AVG 20120423
BitDefender 20120424
ByteHero 20120424
CAT-QuickHeal 20120423
ClamAV 20120424
Commtouch 20120424
Comodo 20120424
DrWeb 20120424
Emsisoft 20120424
eSafe 20120423
eTrust-Vet 20120423
F-Prot 20120423
F-Secure 20120424
Fortinet 20120424
GData 20120423
Ikarus 20120424
Jiangmin 20120424
K7AntiVirus 20120420
Kaspersky 20120424
McAfee 20120423
Microsoft 20120424
NOD32 20120424
Norman 20120423
nProtect 20120423
Panda 20120423
PCTools 20120423
Rising 20120423
Sophos AV 20120424
SUPERAntiSpyware 20120402
Symantec 20120424
TheHacker 20120422
TrendMicro 20120423
TrendMicro-HouseCall 20120424
VBA32 20120422
VIPRE 20120424
ViRobot 20120424
VirusBuster 20120423
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-29 17:41:06
Entry Point 0x00011109
Number of sections 7
PE sections
PE imports
HeapFree
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
HeapSetInformation
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
EncodePointer
GetProcessHeap
RaiseException
WideCharToMultiByte
GetModuleFileNameW
InterlockedExchange
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
DecodePointer
GetModuleHandleW
TerminateProcess
VirtualQuery
Sleep
HeapAlloc
GetCurrentThreadId
printf
__dllonexit
_controlfp_s
wcscpy_s
_invoke_watson
_fmode
getchar
_cexit
?terminate@@YAXXZ
_lock
_onexit
__initenv
exit
_XcptFilter
_commode
_CrtSetCheckCount
__setusermatherr
_initterm_e
_amsg_exit
_CrtDbgReportW
_unlock
_crt_debugger_hook
_wsplitpath_s
_except_handler4_common
__getmainargs
_exit
_wmakepath_s
_CRT_RTC_INITW
_configthreadlocale
_initterm
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:04:29 18:41:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 14336
LinkerVersion 10.0
EntryPoint 0x11109
InitializedDataSize 14848
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 483f838bfc7f87df2225c36219d98310
SHA1 9cf503e191e510683931cd09273823f9f60f6f2c
SHA256 3358f50d7378862e2c717c1a1e31f6a051b76b06470272619af333c49442f676
ssdeep 384:GGTVVPoeJ0qaYi1d8vONPz61FlPIwUbhdOE7VDBX:GG/hji5NrG7Ul5DBX
authentihash 0a57d88d5e052b80ad0f540cd3600a6eaf9eea6d9218a0d918cb3a56beae1d42
imphash 6a7dadde68b6b8b7cfb5f6a81c5fee01
File size 28.5 KB ( 29184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2012-04-29 17:49:32 UTC ( 5 years, 3 months ago )
Last submission 2016-01-11 05:34:21 UTC ( 1 year, 7 months ago )
File names 3358f50d7378862e2c717c1a1e31f6a051b76b06470272619af333c49442f676.vir
wtf1.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight