SHA256: 3d6a205af7c0ca59de374ae239966b4e4c5c6bfa24728fac6c76a51f30a9e5a1
File name: S22B420BW.exe
Detection ratio: 0 / 69
Analysis date: 2019-01-25 13:41:10 UTC ( 4 months ago )
Antivirus Result Update
Acronis 20190124
Ad-Aware 20190125
AegisLab 20190125
AhnLab-V3 20190125
Alibaba 20180921
ALYac 20190125
Antiy-AVL 20190125
Arcabit 20190125
Avast 20190125
Avast-Mobile 20190125
AVG 20190125
Avira (no cloud) 20190125
Babable 20180918
Baidu 20190125
BitDefender 20190125
Bkav 20190125
CAT-QuickHeal 20190125
ClamAV 20190125
CMC 20190125
Comodo 20190125
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cylance 20190125
Cyren 20190125
DrWeb 20190125
eGambit 20190125
Emsisoft 20190125
Endgame 20181108
ESET-NOD32 20190125
F-Prot 20190125
F-Secure 20190125
Fortinet 20190125
GData 20190125
Ikarus 20190125
Sophos ML 20181128
Jiangmin 20190125
K7AntiVirus 20190125
K7GW 20190125
Kaspersky 20190125
Kingsoft 20190125
Malwarebytes 20190125
MAX 20190125
McAfee 20190125
McAfee-GW-Edition 20190125
Microsoft 20190125
eScan 20190125
NANO-Antivirus 20190125
Palo Alto Networks (Known Signatures) 20190125
Panda 20190125
Qihoo-360 20190125
Rising 20190125
SentinelOne (Static ML) 20190124
Sophos AV 20190125
SUPERAntiSpyware 20190123
Symantec 20190125
TACHYON 20190125
Tencent 20190125
TheHacker 20190125
Trapmine 20190123
TrendMicro 20190125
TrendMicro-HouseCall 20190125
Trustlook 20190125
VBA32 20190125
ViRobot 20190125
Webroot 20190125
Yandex 20190124
Zillya 20190124
ZoneAlarm by Check Point 20190125
Zoner 20190125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT appended, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-02 20:23:03
Entry Point 0x0000A79E
Number of sections 5
PE sections
PE imports
RegQueryValueA
GetDeviceCaps
CreateDCA
DeleteDC
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
ExtTextOutA
DeleteObject
SetTextAlign
SetBkColor
GetBkColor
SetTextColor
GetStdHandle
GetConsoleOutputCP
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
_llseek
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
WriteFile
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LocalFree
InitializeCriticalSection
GlobalHandle
FindClose
InterlockedDecrement
FormatMessageA
SetLastError
GetSystemTime
GetEnvironmentVariableA
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
_lclose
SetUnhandledExceptionFilter
GlobalMemoryStatus
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
CreateDirectoryA
GetWindowsDirectoryA
GetCPInfo
GlobalLock
_lread
GetProcessHeap
FindFirstFileA
TerminateProcess
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
SetFileTime
GetCurrentDirectoryA
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetCurrentThreadId
CreateProcessA
IsValidCodePage
HeapCreate
VirtualFree
Sleep
VirtualAlloc
SHBrowseForFolderA
FindExecutableA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
GetParent
UpdateWindow
EndDialog
BeginPaint
KillTimer
DefWindowProcA
ShowWindow
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
CharUpperBuffA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
DialogBoxParamA
GetSysColor
SetActiveWindow
GetKeyState
SetWindowTextA
LoadStringA
GetLastActivePopup
SendMessageA
GetClientRect
GetDlgItem
RegisterClassA
SetRect
InvalidateRect
SetWindowWord
GetWindowLongA
SetTimer
LoadCursorA
CharNextA
GetWindowWord
EnableWindow
SetForegroundWindow
SetCursor
Number of PE resources by type
RT_ICON 9
RT_STRING 7
RT_DIALOG 2
RT_MANIFEST 1
WZ_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 21
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:11:02 21:23:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 118784
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0xa79e
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 22c06e6283fca23b31039c0ab595265e
SHA1 3774bdeecee0d07e34984f2803847523f77c6c32
SHA256 3d6a205af7c0ca59de374ae239966b4e4c5c6bfa24728fac6c76a51f30a9e5a1
ssdeep 196608:khOcv7TBNKEsYaRccf/mster2BCoUFWt2X9CkbH5zq3HIR:kQC7Fo3Y+vmQei3KWt2X9hbZzbR
authentihash 095de74c539f5b102e6be6dd5288a846ef3d4f925292ac6f71788bb92414b271
imphash f2f9102c7663962c22d17a8dabc5e7ce
File size 8.0 MB ( 8404992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (30.3%)
Win32 Executable MS Visual C++ (generic) (21.9%)
Win64 Executable (generic) (19.4%)
Winzip Win32 self-extracting archive (generic) (16.1%)
Win32 Dynamic Link Library (generic) (4.6%)
Tags peexe
VirusTotal metadata
First submission 2015-01-20 22:04:03 UTC ( 4 years, 4 months ago )
Last submission 2019-01-25 13:41:10 UTC ( 4 months ago )
File names S22B420BW.exe
3774bdeecee0d07e34984f2803847523f77c6c32
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs