SHA256: 380621cceff2c9f93994ddd88c6b86d8035c52677162a30e1a3ffbab54f07c84
File name: IE4UINIT.EXE
Detection ratio: 16 / 45
Analysis date: 2013-02-08 00:46:42 UTC ( 6 years, 2 months ago )
Antivirus Result Update
Avast Win32:Virut 20130208
CAT-QuickHeal W32.Virut.D 20130207
ClamAV W32.Virut.sa 20130207
Comodo Virus.Win32.Virut.n 20130208
GData Win32:Virut 20130208
Ikarus Virus.Win32.Virut 20130207
Kingsoft Win32.Virut.np.4480 20130204
McAfee Artemis!3F6A7E87B41D 20130207
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!81 20130208
Norman Virut.BIED 20130207
Panda Trj/CI.A 20130207
Symantec WS.Reputation.1 20130208
TotalDefense Win32/Virut!corrupt 20130207
TrendMicro PE_VIRUT.GEN-2 20130208
TrendMicro-HouseCall PE_VIRUT.GEN-2 20130208
VIPRE Trojan.Win32.Generic!BT 20130208
Yandex 20130207
AhnLab-V3 20130207
AntiVir 20130208
Antiy-AVL 20130207
AVG 20130208
BitDefender 20130208
ByteHero 20130207
Commtouch 20130207
Emsisoft 20130208
eSafe 20130206
ESET-NOD32 20130207
F-Prot 20130201
F-Secure 20130207
Fortinet 20130207
Jiangmin 20130207
K7AntiVirus 20130207
Kaspersky 20130208
Malwarebytes 20130207
Microsoft 20130208
eScan 20130208
NANO-Antivirus 20130207
nProtect 20130207
PCTools 20130208
Rising 20130205
Sophos AV 20130207
SUPERAntiSpyware 20130207
TheHacker 20130207
VBA32 20130206
ViRobot 20130207
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) __________ __________. ___ _____ ________.

Publisher __________ __________
Product ____________ _______ Microsoft_ Windows_
Original name IE4UINIT.EXE
Internal name IE4UINIT
File version 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Description _________ _________ ________________ _________ IE 5.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 06:01:52
Entry Point 0x0000596F
Number of sections 3
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
DelNode
GetVersionFromFile
RunSetupCommand
RegRestoreAll
ExecuteCab
GetLastError
lstrlenA
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
CopyFileA
ExitProcess
CreateDirectoryA
GetVersionExA
LoadLibraryA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
LoadLibraryExA
GetPrivateProfileStringA
GetCurrentProcessId
lstrcatA
IsDBCSLeadByte
GetWindowsDirectoryA
UnhandledExceptionFilter
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
SetFilePointer
GetFileAttributesA
GetModuleHandleA
lstrcmpA
FindFirstFileA
SetUnhandledExceptionFilter
lstrcpyA
GetStartupInfoA
ReadFile
GetSystemTimeAsFileTime
lstrcpynA
GlobalMemoryStatus
GetSystemDirectoryA
ExpandEnvironmentStringsA
SetFileAttributesA
GetDriveTypeA
LocalFree
TerminateProcess
WriteFile
SetCurrentDirectoryA
FindClose
CreateFileA
GetTickCount
GetCurrentThreadId
LocalAlloc
CloseHandle
SHChangeNotify
ShellExecuteA
Ord(179)
SHFileOperationA
PathGetDriveNumberA
PathIsUNCA
PathRemoveBackslashA
PathIsDirectoryA
PathFindFileNameA
SHCopyKeyA
PathRemoveFileSpecA
wsprintfA
CharLowerA
CharPrevA
LoadStringA
CharNextA
MessageBoxA
CharUpperA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
_except_handler3
_cexit
_c_exit
_acmdln
_exit
__p__commode
__setusermatherr
__p__fmode
exit
_XcptFilter
__getmainargs
_initterm
_controlfp
_adjust_fdiv
__set_app_type
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_STRING 2
RT_VERSION 1
Number of PE resources by language
RUSSIAN 3
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
7.1

ImageVersion
5.1

FileSubtype
0

FileVersionNumber
6.0.2900.2180

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
3072

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

TimeStamp
2004:08:04 07:01:52+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
IE4UINIT

ProductVersion
6.00.2900.2180

FileDescription
IE 5.0

OSVersion
5.1

OriginalFilename
IE4UINIT.EXE

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName

CodeSize
30208

ProductName
Microsoft Windows

ProductVersionNumber
6.0.2900.2180

EntryPoint
0x596f

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 3f6a7e87b41d8388b7ffef2dee953770
SHA1 f129e303cfacbc3461d987b579afaedf0e0b947d
SHA256 380621cceff2c9f93994ddd88c6b86d8035c52677162a30e1a3ffbab54f07c84
ssdeep
384:IMzA+ik2zwhYmbnl4T3ZnzzUcxDHl5sHNc4mqA8AIbRUQyXEp/eHQblJcpHat8Q+:IaDgzwh3eLN/dhZqu6RsXEp/e6JcAud

File size 34.0 KB ( 34816 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2013-02-05 17:57:25 UTC ( 6 years, 2 months ago )
Last submission 2013-02-08 00:46:42 UTC ( 6 years, 2 months ago )
File names 3f6a7e87b41d8388b7ffef2dee953770
IE4UINIT
IE4UINIT.EXE
avz00040.dta
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Set keys
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.