× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 38c96fc7f402772beed9c83512da6189cb9b92f7f36fc8a5c8b70f2a6fc4faab
File name: packupdate_build107_2027.exe
Detection ratio: 14 / 41
Analysis date: 2010-05-04 23:12:12 UTC ( 6 years, 11 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Downloader/Win32.Agent 20100504
Avast Win32:Crypt-GHH 20100504
Avast5 Win32:Crypt-GHH 20100504
AVG Cryptic.JX 20100504
BitDefender Gen:Variant.Ursnif.8 20100504
CAT-QuickHeal (Suspicious) - DNAScan 20100504
Comodo Heur.Suspicious 20100504
DrWeb Trojan.Fakealert.7869 20100504
F-Secure Suspicious:W32/Malware!Gemini 20100504
GData Gen:Variant.Ursnif.8 20100504
McAfee Generic FakeAlert!hm 20100504
Microsoft TrojanDownloader:Win32/FakeVimes 20100504
nProtect Gen:Variant.Ursnif.8 20100504
Prevx Medium Risk Malware Dropper 20100504
a-squared 20100504
AntiVir 20100504
Antiy-AVL 20100430
Authentium 20100504
ClamAV 20100504
eSafe 20100503
eTrust-Vet 20100504
F-Prot 20100504
Fortinet 20100503
Ikarus 20100504
Jiangmin 20100504
Kaspersky 20100504
McAfee-GW-Edition 20100504
NOD32 20100504
Norman 20100504
Panda 20100504
PCTools 20100504
Rising 20100504
Sophos 20100504
Sunbelt 20100504
Symantec 20100504
TheHacker 20100503
TrendMicro 20100504
TrendMicro-HouseCall 20100504
VBA32 20100504
ViRobot 20100504
VirusBuster 20100504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
newSft

Internal name list
File version 3, 4, 3, 34
Description newSft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-01-17 16:47:23
Entry Point 0x0005F0D0
Number of sections 6
PE sections
PE imports
LookupPrivilegeValueA, RegCloseKey
RestoreDC
FindResourceA, GetLastError, WritePrivateProfileStringA, GetCurrentProcessId, GetTickCount, TerminateProcess, LoadResource, WriteConsoleW, QueryPerformanceCounter, CreateFileW, WritePrivateProfileSectionW, VirtualAlloc, SizeofResource, WritePrivateProfileSectionA, ExitProcess, LockResource, GetCurrentThreadId, GetCurrentProcess, SleepEx, WaitForSingleObject
SetupInstallFromInfSectionA, SetupDiOpenClassRegKey, SetupOpenInfFileA, SetupCloseInfFile
LoadStringW
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
19968

ImageVersion
0.0

FileVersionNumber
1.0.0.1

UninitializedDataSize
389120

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

LinkerVersion
6.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3, 4, 3, 34

TimeStamp
2008:01:17 08:47:23-08:00

FileType
Win32 EXE

PEType
PE32

InternalName
list

ProductVersion
6, 3, 2, 66

FileDescription
newSft

OSVersion
5.0

FileOS
Win32

LegalCopyright
newSft

MachineType
Intel 386 or later, and compatibles

CodeSize
364544

FileSubtype
0

ProductVersionNumber
1.0.0.1

EntryPoint
0x5f0d0

ObjectFileType
Unknown

File identification
MD5 06b0ec8add9376b116151425542bf733
SHA1 559dd92a7e28338c78286dc48ea58952c6f95169
SHA256 38c96fc7f402772beed9c83512da6189cb9b92f7f36fc8a5c8b70f2a6fc4faab
ssdeep
6144:kyElcn2M0sCgY2FBLonB2y/cv5kRJ/qbaP:/Eg2M0sCvFBkGJGa

File size 376.5 KB ( 385536 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
Tags
peexe

VirusTotal metadata
First submission 2010-05-04 12:11:22 UTC ( 6 years, 11 months ago )
Last submission 2012-08-03 02:18:13 UTC ( 4 years, 8 months ago )
File names list
06B0EC8ADD9376B116151425542BF733.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!