× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3461908844656b0e07ed5ef9c6bee86ac2ce076c500a04cf990d33bcf1aa13c6
File name: 6574.exe
Detection ratio: 2 / 57
Analysis date: 2015-08-19 11:40:27 UTC ( 3 years, 8 months ago ) View latest
Antivirus Result Update
Kaspersky HEUR:Trojan.Win32.Generic 20150819
Qihoo-360 HEUR/QVM07.1.Malware.Gen 20150819
Ad-Aware 20150819
AegisLab 20150819
Yandex 20150818
AhnLab-V3 20150819
Alibaba 20150819
ALYac 20150819
Antiy-AVL 20150819
Arcabit 20150819
Avast 20150819
AVG 20150819
Avira (no cloud) 20150819
AVware 20150819
Baidu-International 20150819
BitDefender 20150819
Bkav 20150819
ByteHero 20150819
CAT-QuickHeal 20150819
ClamAV 20150819
CMC 20150819
Comodo 20150819
Cyren 20150819
DrWeb 20150819
Emsisoft 20150819
ESET-NOD32 20150819
F-Prot 20150819
F-Secure 20150819
Fortinet 20150819
GData 20150819
Ikarus 20150819
Jiangmin 20150818
K7AntiVirus 20150819
K7GW 20150819
Kingsoft 20150819
Malwarebytes 20150819
McAfee 20150819
McAfee-GW-Edition 20150819
Microsoft 20150819
eScan 20150819
NANO-Antivirus 20150819
nProtect 20150819
Panda 20150819
Rising 20150817
Sophos AV 20150819
SUPERAntiSpyware 20150818
Symantec 20150818
Tencent 20150819
TheHacker 20150818
TotalDefense 20150819
TrendMicro 20150819
TrendMicro-HouseCall 20150819
VBA32 20150819
VIPRE 20150819
ViRobot 20150819
Zillya 20150819
Zoner 20150819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-06-29 13:19:10
Entry Point 0x00002886
Number of sections 4
PE sections
Overlays
MD5 63a673cbb8226ee9b2cdaf0bb87d451d
File type data
Offset 61440
Size 76977
Entropy 7.83
PE imports
PatBlt
SetICMProfileA
GetCharABCWidthsA
GetEnhMetaFileW
GetROP2
GetDeviceGammaRamp
OffsetViewportOrgEx
GetCharacterPlacementW
CreateDIBPatternBrush
SetMetaFileBitsEx
GetCharacterPlacementA
SetTextColor
CreatePatternBrush
GetMiterLimit
EnumObjects
StretchDIBits
SetBrushOrgEx
CombineTransform
SetTextCharacterExtra
BeginPath
DeleteObject
GetTextCharacterExtra
CreatePenIndirect
GetProfileIntW
GetStartupInfoA
GlobalFindAtomA
GetCPInfoExA
GetModuleHandleA
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
DdeCreateStringHandleA
VerInstallFileA
GetFileVersionInfoSizeA
AddPrintProcessorW
OleRegGetMiscStatus
CoFileTimeToDosDateTime
CoInternetQueryInfo
RevokeBindStatusCallback
URLOpenPullStreamW
CoInternetGetSecurityUrl
IsAsyncMoniker
CreateURLMoniker
HlinkSimpleNavigateToString
SetSoftwareUpdateAdvertisementState
URLOpenBlockingStreamW
RegisterFormatEnumerator
CoInternetCombineUrl
UrlMkGetSessionOption
CopyBindInfo
Number of PE resources by type
RT_STRING 56
RT_ICON 6
RT_MENU 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ZULU DEFAULT 66
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
2080768

ImageVersion
0.0

ProductName
Aging Aire

FileVersionNumber
0.109.91.190

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

LinkerVersion
6.0

FileTypeExtension
exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
155, 35, 141, 219

TimeStamp
2006:06:29 15:19:10+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
Weave

FileDescription
Berliner

OSVersion
4.0

FileOS
Windows NT 32-bit

LegalCopyright
Copyright 1902

MachineType
Intel 386 or later, and compatibles

CompanyName
Networks Associates Technologies, Inc.

CodeSize
8192

FileSubtype
0

ProductVersionNumber
0.221.67.97

EntryPoint
0x2886

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 06df7c887ce14ded7e21c0491f179536
SHA1 90ce49aba3fb76f4b2884a60fd20bac8b160d6e6
SHA256 3461908844656b0e07ed5ef9c6bee86ac2ce076c500a04cf990d33bcf1aa13c6
ssdeep
3072:YZ/iEp5FwPvp+/a0Hieo7yWEWus+sXoB4t:0/Hzjagie8LRoBm

authentihash 07b08a1c32dff89975b00cecad0502afa8b1df52c7405bdaecdee6ec280f4b75
imphash 7cd70f10eeda3c880b0334bbc0761bc2
File size 135.2 KB ( 138417 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-08-19 10:37:41 UTC ( 3 years, 8 months ago )
Last submission 2019-01-24 14:59:15 UTC ( 2 months, 3 weeks ago )
File names 6574.exe
6574.exe.ViR
6574.exe
_duplicate_63ad26c3f608ab602b6a6c3616f3abbdd9aad9b7.exe
6574.exe
6574.exe
WK0CG2r.odt
6574.exe
3461908844656b0e07ed5ef9c6bee86ac2ce076c500a04cf990d33bcf1aa13c6.bin
06DF7C887CE14DED7E21C0491F179536
06df7c887ce14ded7e21c0491f179536.exe
6574.exe
3461908844656b0e07ed5ef9c6bee86ac2ce076c500a04cf990d33bcf1aa13c6.exe
06DF7C887CE14DED7E21C0491F179536.7B185A20
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened service managers
Runtime DLLs