SHA256: 3e9f4e5fbb5977542e3a8dc3cadccfa333f3a271523467baf404a4e378e36c4d
File name: shutdown.exe
Detection ratio: 0 / 41
Analysis date: 2012-08-28 19:33:12 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 20120827
AntiVir 20120828
Antiy-AVL 20120828
Avast 20120828
AVG 20120828
BitDefender 20120828
ByteHero 20120827
CAT-QuickHeal 20120828
ClamAV 20120828
Commtouch 20120828
Comodo 20120828
DrWeb 20120828
Emsisoft 20120828
eSafe 20120826
ESET-NOD32 20120828
F-Prot 20120827
F-Secure 20120828
Fortinet 20120828
GData 20120828
Ikarus 20120828
Jiangmin 20120828
K7AntiVirus 20120827
McAfee 20120828
McAfee-GW-Edition 20120827
Microsoft 20120828
Norman 20120827
nProtect 20120827
Panda 20120828
PCTools 20120828
Rising 20120828
Sophos 20120828
SUPERAntiSpyware 20120828
Symantec 20120828
TheHacker 20120826
TotalDefense 20120827
TrendMicro 20120828
TrendMicro-HouseCall 20120828
VBA32 20120828
VIPRE 20120828
ViRobot 20120828
VirusBuster 20120828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-11-12 00:09:50
Entry Point 0x00001030
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
DebugBreak
IsBadReadPtr
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
HeapValidate
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
HeapCreate
VirtualFree
InterlockedDecrement
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
InterlockedIncrement
ExitWindowsEx
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1997:11:11 16:09:50-08:00
FileType Win32 EXE
PEType PE32
CodeSize 55808
LinkerVersion 5.2
EntryPoint 0x1030
InitializedDataSize 31744
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 a685e8b535d53252158960161a4c5d86
SHA1 d12777de12d2a13e3b97b3d67a8fceeca76891d3
SHA256 3e9f4e5fbb5977542e3a8dc3cadccfa333f3a271523467baf404a4e378e36c4d
ssdeep 1536:FchMNreqfYP4S7G10J3z9a9OupGerRi/qxg:yhM9eqfi4YGmJ3Zarr+qxg

File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe installshield

VirusTotal metadata
First submission 2012-08-28 19:33:12 UTC ( 4 years, 10 months ago )
Last submission 2012-08-28 19:33:12 UTC ( 4 years, 10 months ago )
File names shutdown.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight