SHA256: 3e0529370a12e68a7e4cc3fd77513f2ef8c2c2d9d2ba286fd2c116ef156747c0
File name: 85cce681397d4185b6fef61ae8bcd3d255805879
Detection ratio: 2 / 56
Analysis date: 2015-07-02 17:50:20 UTC ( 3 years, 8 months ago )
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20150701
McAfee-GW-Edition BehavesLike.Win32.Obfuscated.dt 20150702
Ad-Aware 20150702
AegisLab 20150702
Yandex 20150630
AhnLab-V3 20150702
Alibaba 20150630
ALYac 20150702
Antiy-AVL 20150702
Arcabit 20150630
Avast 20150702
AVG 20150702
Avira (no cloud) 20150702
AVware 20150702
Baidu-International 20150702
BitDefender 20150702
Bkav 20150702
ByteHero 20150702
ClamAV 20150702
Comodo 20150702
Cyren 20150702
DrWeb 20150702
Emsisoft 20150702
ESET-NOD32 20150702
F-Prot 20150702
F-Secure 20150702
Fortinet 20150702
GData 20150702
Ikarus 20150702
Jiangmin 20150701
K7AntiVirus 20150702
K7GW 20150702
Kaspersky 20150702
Kingsoft 20150702
Malwarebytes 20150702
McAfee 20150702
Microsoft 20150702
eScan 20150702
NANO-Antivirus 20150702
nProtect 20150702
Panda 20150702
Qihoo-360 20150702
Rising 20150702
Sophos AV 20150702
SUPERAntiSpyware 20150702
Symantec 20150702
Tencent 20150702
TheHacker 20150702
TotalDefense 20150702
TrendMicro 20150702
TrendMicro-HouseCall 20150702
VBA32 20150702
VIPRE 20150702
ViRobot 20150702
Zillya 20150702
Zoner 20150702
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-16 16:10:59
Entry Point 0x00001000
Number of sections 15
PE sections
Overlays
MD5 53e979547d8c2ea86560ac45de08ae25
File type ASCII text
Offset 290304
Size 1536
Entropy 0.00
PE imports
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
AdjustTokenPrivileges
InitializeAcl
RegCreateKeyExA
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
RegOpenKeyExW
RegOpenKeyW
RegOpenKeyExA
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
GetLengthSid
RegDeleteValueW
RegSetValueExW
FreeSid
RegEnumValueW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetValueExA
GetTextCharsetInfo
SetStretchBltMode
EnumFontsA
TranslateCharsetInfo
GetICMProfileA
GetWorldTransform
SetWorldTransform
CreateBitmapIndirect
GetCharacterPlacementA
GetTextExtentPointW
SelectClipPath
CreatePalette
AddFontMemResourceEx
SetTextAlign
SetBoundsRect
PolyBezier
GetKerningPairsW
Chord
AddFontResourceExA
GetCharWidthFloatA
GetEnhMetaFileHeader
GetStretchBltMode
DPtoLP
Escape
DeleteObject
IMPQueryIMEW
GetMessageA
ChangeDisplaySettingsW
SetDlgItemTextA
GetOpenClipboardWindow
SetWindowRgn
CreateDialogIndirectParamW
DdeSetUserHandle
LoadMenuA
SetClassLongW
SetCaretPos
CreateIcon
CopyIcon
EnumDesktopsW
RealGetWindowClassW
GetIconInfo
GetCaretPos
SetPropW
GetWindowThreadProcessId
FreeDDElParam
SendMessageCallbackA
InflateRect
RegisterClassA
UnhookWindowsHookEx
OpenIcon
PostMessageA
ReleaseCapture
GrayStringA
CreateDesktopA
ScrollDC
AnyPopup
GetClassWord
CharLowerW
GetProcessWindowStation
CharUpperA
TabbedTextOutA
GetWindowLongW
ReleaseDC
RemovePropA
GetClassInfoA
CheckMenuItem
DefFrameProcW
EnumDisplayMonitors
GetClassLongW
SetParent
GetTitleBarInfo
PtInRect
GetDoubleClickTime
GetMenuStringW
SetDoubleClickTime
LoadCursorFromFileW
SetWindowTextW
DdeClientTransaction
UnionRect
CreateIconIndirect
ScreenToClient
CloseWindowStation
AnimateWindow
GetPriorityClipboardFormat
UnhookWinEvent
ChangeMenuA
GetKeyboardState
SetWindowsHookExA
FillRect
AttachThreadInput
CreateAcceleratorTableW
DdeConnectList
GetTabbedTextExtentA
LoadAcceleratorsW
ScrollWindow
CreateAcceleratorTableA
GetAncestor
RegisterClipboardFormatA
DialogBoxIndirectParamA
GetMenuItemInfoW
Number of PE resources by type
RT_GROUP_CURSOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
JAPANESE DEFAULT 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2005:06:16 17:10:59+01:00
FileType Win32 EXE
PEType PE32
CodeSize 242176
LinkerVersion 0.0
EntryPoint 0x1000
InitializedDataSize 31744
SubsystemVersion 4.1
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 45d0f367f834c4b945d8ef4a1f05774e
SHA1 85cce681397d4185b6fef61ae8bcd3d255805879
SHA256 3e0529370a12e68a7e4cc3fd77513f2ef8c2c2d9d2ba286fd2c116ef156747c0
ssdeep 3072:lRzfUL5abWEtZc5hX33OJteaHDBfIXI6dNM1Yrnqq3h8C:llMLYbJShHOteaVIbvM1Yrnqq3
authentihash 142a9e861f977b46834560f8b81c5440a3aac32f06c06fcd99e4088f22ff8b8f
imphash fa7c2d8b4f96bebf180a84e2520d61e4
File size 285.0 KB ( 291840 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.3%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
VXD Driver (0.0%)
Tags peexe overlay
VirusTotal metadata
First submission 2015-07-02 17:50:20 UTC ( 3 years, 8 months ago )
Last submission 2015-07-03 16:33:55 UTC ( 3 years, 8 months ago )
File names abf77831c5f15a055a9416a9692794968d16823b
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs