× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 3b965e3a3f093fbb20097a131bd074c9cb2bc6126f98f391b47f476d9c0118d0
File name: AView.exe
Detection ratio: 1 / 44
Analysis date: 2012-12-25 16:57:59 UTC ( 1 year, 4 months ago ) View latest
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
TheHacker Posible_Worm32 20121225
AVG 20121225
Agnitum 20121225
AhnLab-V3 20121225
AntiVir 20121225
Antiy-AVL 20121225
Avast 20121225
BitDefender 20121225
ByteHero 20121212
CAT-QuickHeal 20121224
Commtouch 20121224
Comodo 20121225
DrWeb 20121225
ESET-NOD32 20121225
Emsisoft 20121225
F-Prot 20121225
F-Secure 20121225
Fortinet 20121225
GData 20121225
Ikarus 20121225
Jiangmin 20121221
K7AntiVirus 20121224
Kaspersky 20121225
Kingsoft 20121225
Malwarebytes 20121225
McAfee 20121225
McAfee-GW-Edition 20121225
MicroWorld-eScan 20121225
Microsoft 20121225
NANO-Antivirus 20121225
Norman 20121225
PCTools 20121225
Panda 20121225
Rising 20121224
SUPERAntiSpyware 20121224
Sophos 20121225
Symantec 20121225
TotalDefense 20121225
TrendMicro 20121225
TrendMicro-HouseCall 20121225
VBA32 20121223
VIPRE 20121225
ViRobot 20121225
nProtect 20121225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright (C) 2008

Product WinClient Application
Original name WinClient.EXE
Internal name WinClient
File version 1, 0, 0, 1
Description WinClient MFC Application
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-08-13 18:12:13
Link date 7:12 PM 8/13/2009
Entry Point 0x000095F0
Number of sections 3
PE sections
PE imports
LoadLibraryA
ExitProcess
GetProcAddress
Ord(1576)
DrawIcon
ProgIDFromCLSID
Number of PE resources by type
RT_DIALOG 2
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

UninitializedDataSize
28672

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2008

FileVersion
1, 0, 0, 1

TimeStamp
2009:08:13 19:12:13+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
WinClient

FileAccessDate
2014:03:12 12:35:17+01:00

ProductVersion
1, 0, 0, 1

FileDescription
WinClient MFC Application

OSVersion
4.0

FileCreateDate
2014:03:12 12:35:17+01:00

OriginalFilename
WinClient.EXE

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
8192

ProductName
WinClient Application

ProductVersionNumber
1.0.0.1

EntryPoint
0x95f0

ObjectFileType
Executable application

File identification
MD5 3e19800978eb981a643defb9263d4390
SHA1 7fb5c359b1ea3fb9f6e87e30a2eb201eca03731e
SHA256 3b965e3a3f093fbb20097a131bd074c9cb2bc6126f98f391b47f476d9c0118d0
ssdeep
192:9tb5hzx/6TEAQIokLXNCCWMd5ZepOpsGW32uDK/ro:9NjxyTAf4NVHepo+W/c

imphash ed4138b88451a3ef68b7a381b48076c1
File size 9.0 KB ( 9216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-01-31 12:18:59 UTC ( 4 years, 2 months ago )
Last submission 2014-03-12 11:35:50 UTC ( 1 month, 1 week ago )
File names AView.exe
WinClient
vti-rescan
WinClient.EXE
smona132702768842047518628
file-4938240_exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!