SHA256: 3c004420b1c819454966e581be38b5ed616a66977e7f52576ac5612c00e0e585
File name: IU.exe
Detection ratio: 0 / 42
Analysis date: 2012-08-11 04:41:38 UTC ( 4 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 20120810
AntiVir 20120810
Antiy-AVL 20120810
Avast 20120810
AVG 20120810
BitDefender 20120811
ByteHero 20120723
CAT-QuickHeal 20120810
ClamAV 20120810
Commtouch 20120811
Comodo 20120811
DrWeb 20120811
Emsisoft 20120811
eSafe 20120809
ESET-NOD32 20120810
F-Prot 20120810
F-Secure 20120811
Fortinet 20120811
GData 20120811
Ikarus 20120811
Jiangmin 20120811
K7AntiVirus 20120810
Kaspersky 20120811
McAfee 20120811
McAfee-GW-Edition 20120811
Microsoft 20120810
Norman 20120810
nProtect 20120810
Panda 20120810
PCTools 20120811
Rising 20120810
Sophos 20120811
SUPERAntiSpyware 20120811
Symantec 20120811
TheHacker 20120810
TotalDefense 20120810
TrendMicro 20120811
TrendMicro-HouseCall 20120811
VBA32 20120810
VIPRE 20120811
ViRobot 20120811
VirusBuster 20120810
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Calwell Inc.
Publisher Calwell Inc.
Product Install/Uninstall
Original name UI.EXE
File version 2.0.0.1
Description Install/Uninstall helps you understand and remove installed apps in Windows
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Entry Point 0x001B30E0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
GetOpenFileNameA
CoTaskMemFree
VariantCopy
DragFinish
VerQueryValueA
Number of PE resources by type
RT_RCDATA 4
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
CodeSize 516096
UninitializedDataSize 1265664
LinkerVersion 2.6
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 2.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 4096
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Calwell Inc.
FileVersion 2.0.0.1
TimeStamp 0000:00:00 00:00:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
FileAccessDate 2014:05:16 18:03:08+01:00
ProductVersion 2.0
FileDescription Install/Uninstall helps you understand and remove installed apps in Windows
OSVersion 4.0
FileCreateDate 2014:05:16 18:03:08+01:00
OriginalFilename UI.EXE
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Calwell Inc.
LegalTrademarks Calwell Inc.
ProductName Install/Uninstall
ProductVersionNumber 2.0.0.0
EntryPoint 0x1b30e0
ObjectFileType Executable application
File identification
MD5 3a8e2616562ca60b338f38d7d8cc4450
SHA1 c635cf5626130e65f65b8664d6fcd034b8541cf7
SHA256 3c004420b1c819454966e581be38b5ed616a66977e7f52576ac5612c00e0e585
ssdeep 12288:ORUi339z0rlvqwxMLBPa8dAxsLH4/tiWw:OVGxvxMNPa+GIH4/8Ww
imphash 128e655497f70528583105f7c177a973
File size 504.5 KB ( 516608 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags peexe upx
VirusTotal metadata
First submission 2012-08-11 04:41:38 UTC ( 4 years, 7 months ago )
Last submission 2014-05-16 17:02:24 UTC ( 2 years, 10 months ago )
File names 3a8e2616562ca60b338f38d7d8cc4450
UI.EXE
IU.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications