SHA256: 342b87e7a2124b98b9bd50440de048ac0444c9bd12d985939fa062e987e313c3
File name: CPE17AntiAutorun
Detection ratio: 51 / 57
Analysis date: 2016-05-24 08:40:02 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Win32.Sality.OG 20160524
AegisLab W32.Sality.gen!c 20160524
AhnLab-V3 Win32/Kashu.B 20160524
ALYac Win32.Sality.OG 20160524
Antiy-AVL Virus/Win32.Sality.gen 20160524
Arcabit Win32.Sality.OG 20160524
Avast Win32:Kukacka 20160524
AVG Win32/DH.FF82025D{NA?} 20160524
Avira (no cloud) W32/Sality.Y 20160524
AVware Virus.Win32.Sality.ah (v) 20160524
Baidu Win32.Virus.Sality.b 20160523
Baidu-International Virus.Win32.Sality.$gen 20160523
BitDefender Win32.Sality.OG 20160524
Bkav W32.SalityVC.PE 20160524
CAT-QuickHeal W32.Sality.R 20160524
Comodo Virus.Win32.Sality.gen 20160524
Cyren W32/Sality.AK 20160524
DrWeb Win32.Sector.5 20160524
Emsisoft Win32.Sality.OG (B) 20160524
ESET-NOD32 Win32/Sality.NAR 20160524
F-Prot W32/Sality.AK 20160524
F-Secure Win32.Sality.OG 20160524
Fortinet W32/Sality.AA 20160524
GData Win32.Sality.OG 20160524
Ikarus Trojan.SuspectCRC 20160524
Jiangmin Win32/Virut.bt 20160524
K7AntiVirus Virus ( f10001011 ) 20160524
K7GW Virus ( f10001011 ) 20160524
Kaspersky Virus.Win32.Sality.gen 20160524
Kingsoft Win32.Sality.ab.173464 20160524
McAfee W32/Sality.gen.z 20160524
McAfee-GW-Edition BehavesLike.Win32.Sality.dh 20160523
Microsoft Virus:Win32/Sality.AM 20160524
eScan Win32.Sality.OG 20160524
NANO-Antivirus Virus.Win32.Sality.gcen 20160524
nProtect Win32.Sality.OG 20160523
Panda W32/Sality.AK 20160523
Qihoo-360 Virus.Win32.Sality.I 20160524
Rising Win32.KUKU.a 20160524
Sophos AV W32/Sality-AM 20160524
Symantec W32.Sality.AE 20160524
Tencent Win32.Virus.Sality.Ecjp 20160524
TheHacker W32/Sality.gen 20160523
TotalDefense Win32/Sality.AA 20160524
TrendMicro PE_SALITY.EN-1 20160524
TrendMicro-HouseCall PE_SALITY.EN-1 20160524
VBA32 Virus.Win32.Sality.kaka 20160523
VIPRE Virus.Win32.Sality.ah (v) 20160524
ViRobot Win32.Sality.Gen.A[h] 20160524
Yandex Win32.Sality.AP.Gen 20160523
Zillya Virus.Sality.Win32.15 20160523
Alibaba 20160524
ClamAV 20160524
CMC 20160523
Malwarebytes 20160524
SUPERAntiSpyware 20160524
Zoner 20160524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2007 by Nathaphon K.
Product CPE17 Autorun Killer (AntiAutorun)
Original name CPE17AntiAutorun.exe
Internal name CPE17AntiAutorun
File version 1, 7, 2, 1330
Description CPE17 Autorun Killer (AntiAutorun)
Comments Protect from Autorun Virus
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-04-04 03:44:37
Entry Point 0x0000B67C
Number of sections 5
PE sections
PE imports
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyA
GetDeviceCaps
SetBkMode
CreateFontA
CreateSolidBrush
SelectObject
SetTextColor
GetSystemTime
GetLastError
GetEnvironmentVariableA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
FileTimeToSystemTime
GetFileAttributesA
GlobalFree
FreeLibrary
LCMapStringA
HeapDestroy
HeapAlloc
IsBadWritePtr
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
GetSystemDirectoryA
RtlUnwind
GetModuleFileNameA
WinExec
FreeEnvironmentStringsA
GetStartupInfoA
GetVolumeInformationA
FileTimeToLocalFileTime
GetEnvironmentStrings
GetWindowsDirectoryA
OpenProcess
DeleteFileA
CreateFileA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
HeapSize
GetLogicalDrives
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetFileType
SetStdHandle
CompareStringW
CloseHandle
WideCharToMultiByte
GetStringTypeA
SetFilePointer
ReadFile
GetModuleHandleA
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
FindFirstFileA
CompareStringA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
Beep
SetEnvironmentVariableA
GetDriveTypeA
TerminateProcess
DeviceIoControl
GetTimeZoneInformation
GetLocalTime
GetLogicalDriveStringsA
HeapCreate
GlobalAlloc
VirtualFree
FindClose
CopyFileA
Sleep
IsBadReadPtr
SetEndOfFile
IsBadCodePtr
ExitProcess
GetVersion
VirtualAlloc
GetOEMCP
MulDiv
Shell_NotifyIconA
GetMessageA
UpdateWindow
EndDialog
BeginPaint
KillTimer
DestroyMenu
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
FindWindowA
SendDlgItemMessageA
GetSystemMetrics
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
RegisterWindowMessageA
MessageBoxA
TranslateMessage
DialogBoxParamA
GetDlgItemInt
SetActiveWindow
GetMenuItemID
RegisterClassExA
GetCursorPos
DrawTextA
LoadMenuA
GetSubMenu
SendMessageA
GetClientRect
CreateWindowExA
GetDlgItem
SetMenuDefaultItem
LoadAcceleratorsA
wsprintfA
GetWindowTextLengthA
SetTimer
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
LoadStringA
TranslateAcceleratorA
SetForegroundWindow
DestroyWindow
mciSendCommandA
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 5
RT_DIALOG 4
RT_STRING 2
RT_MENU 2
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
CodeSize 73728
SubsystemVersion 4.0
Comments Protect from Autorun Virus
InitializedDataSize 81920
ImageVersion 0.0
ProductName CPE17 Autorun Killer (AntiAutorun)
FileVersionNumber 1.7.2.1330
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName CPE17AntiAutorun.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1, 7, 2, 1330
TimeStamp 2008:04:04 04:44:37+01:00
FileType Win32 EXE
PEType PE32
InternalName CPE17AntiAutorun
ProductVersion 1, 7, 2, 1330
FileDescription CPE17 Autorun Killer (AntiAutorun)
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2007 by Nathaphon K.
MachineType Intel 386 or later, and compatibles
CompanyName HotAHA!com
LegalTrademarks http://www.cpe17.com
FileSubtype 0
ProductVersionNumber 1.7.2.1330
EntryPoint 0xb67c
ObjectFileType Executable application
File identification
MD5 f3816ab4bfa90f03a7caac95ebea0a0e
SHA1 e2371e433af45e80c48c444bc81ebf946dbd70d0
SHA256 342b87e7a2124b98b9bd50440de048ac0444c9bd12d985939fa062e987e313c3
ssdeep 3072:Fwd3EgT4WLbmx7SlEh2McQ6crohM0pRgB4UF2kIja7hV6L0RxdQMVKQ2cp:Fwd3hT4ybm8l4cQVey2kIGhEL0R2c
authentihash 2c39b1fd61bc8a8f14626369cf22091a3ddf710c0f53e975ddb8178969ccbe2d
imphash 5c9ecba8cba476acb6bde34174ed3759
File size 216.0 KB ( 221184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2012-12-22 07:47:51 UTC ( 5 years, 10 months ago )
Last submission 2016-05-24 08:40:02 UTC ( 2 years, 5 months ago )
File names 12765615
QpXxRHw1.reg
aa
5lvRm.xlsx
342b87e7a2124b98b9bd50440de048ac0444c9bd12d985939fa062e987e313c3
CPE17AntiAutorun
output.12765615.txt
CPE17AntiAutorun1330.01.exe.vir.vt
CPE17AntiAutorun1330.exe
f3816ab4bfa90f03a7caac95ebe
f3816ab4bfa90f03a7caac95ebea0a0e.exe
CPE17AntiAutorun.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Set keys
Deleted keys
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications