SHA256: 3f4655a871787f990752a7190e740079691446fcf049e769ccb011deca45b4a8
File name: 408617
Detection ratio: 4 / 57
Analysis date: 2016-04-01 07:29:04 UTC ( 2 years, 11 months ago )
Antivirus              Result                      Update
ClamAV                 Win.Trojan.Agent-771103     20160401
Jiangmin               TrojanDropper.Agent.bahi    20160401
K7AntiVirus            Riskware ( 0040eff71 )      20160331
K7GW                   Riskware ( 0040eff71 )      20160401
Ad-Aware               -                           20160401
AegisLab               -                           20160401
AhnLab-V3              -                           20160330
Alibaba                -                           20160401
ALYac                  -                           20160401
Antiy-AVL              -                           20160401
Arcabit                -                           20160401
Avast                  -                           20160401
AVG                    -                           20160401
Avira (no cloud)       -                           20160401
AVware                 -                           20160401
Baidu                  -                           20160331
Baidu-International    -                           20160331
BitDefender            -                           20160401
Bkav                   -                           20160331
CAT-QuickHeal          -                           20160401
CMC                    -                           20160322
Comodo                 -                           20160401
Cyren                  -                           20160401
DrWeb                  -                           20160331
Emsisoft               -                           20160401
ESET-NOD32             -                           20160401
F-Prot                 -                           20160401
F-Secure               -                           20160401
Fortinet               -                           20160401
GData                  -                           20160401
Ikarus                 -                           20160331
Kaspersky              -                           20160401
Kingsoft               -                           20160401
Malwarebytes           -                           20160401
McAfee                 -                           20160401
McAfee-GW-Edition      -                           20160331
Microsoft              -                           20160401
eScan                  -                           20160401
NANO-Antivirus         -                           20160401
nProtect               -                           20160331
Panda                  -                           20160331
Qihoo-360              -                           20160401
Rising                 -                           20160401
Sophos AV              -                           20160401
SUPERAntiSpyware       -                           20160401
Symantec               -                           20160331
Tencent                -                           20160401
TheHacker              -                           20160330
TotalDefense           -                           20160330
TrendMicro             -                           20160401
TrendMicro-HouseCall   -                           20160401
VBA32                  -                           20160331
VIPRE                  -                           20160401
ViRobot                -                           20160401
Yandex                 -                           20160316
Zillya                 -                           20160331
Zoner                  -                           20160401
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine         Intel 386 or later processors and compatible processors
Compilation timestamp  2007-01-02 08:41:07
Entry Point            0x0000C348
Number of sections     4
PE sections
Overlays
MD5        ead66117a770a8620e88cdf7da3c25b2
File type  data
Offset     89600
Size       92870
Entropy    8.00
PE imports
CloseServiceHandle
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA
CreateServiceW
GetObjectA
AddFontResourceA
DeleteDC
SetBkMode
SelectObject
GetStockObject
CreateFontIndirectA
CreateSolidBrush
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
SetTextColor
GetLastError
HeapFree
EnterCriticalSection
ReadFile
LoadLibraryA
lstrlenA
lstrcmpiA
GetStringTypeExA
WaitForSingleObject
GetExitCodeProcess
HeapReAlloc
HeapAlloc
CreateDirectoryA
GetVersionExA
RemoveDirectoryA
RtlUnwind
GetModuleFileNameA
GetACP
DeleteCriticalSection
GetCurrentProcess
GetThreadLocale
GetLocaleInfoA
GetFileSize
SetFileTime
DeleteFileA
GetWindowsDirectoryA
ExitProcess
MultiByteToWideChar
HeapSize
MapViewOfFile
GetCommandLineA
GetProcAddress
FlushInstructionCache
DebugBreak
GetProcessHeap
GetSystemDefaultLangID
GetTempPathA
RaiseException
CompareStringA
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
lstrcmpA
FindFirstFileA
InterlockedExchange
WriteFile
GetStartupInfoA
CloseHandle
CreateFileMappingA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
OutputDebugStringA
lstrlenW
SetFileAttributesA
FreeLibrary
CreateProcessA
InitializeCriticalSection
UnmapViewOfFile
VirtualQuery
FindClose
InterlockedDecrement
FormatMessageA
CreateFileA
GetTickCount
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
VariantChangeType
SysStringLen
RegisterTypeLib
SysAllocStringLen
VariantCopyInd
VariantClear
SysAllocString
VariantCopy
BstrFromVector
SysStringByteLen
LoadTypeLib
SysFreeString
SysAllocStringByteLen
VariantInit
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteExA
MapWindowPoints
RedrawWindow
GetParent
IsDlgButtonChecked
EndDialog
KillTimer
ShowWindow
SetWindowPos
SendDlgItemMessageA
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
EnumChildWindows
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetWindow
CharUpperA
CheckDlgButton
LoadStringA
DestroyCursor
SystemParametersInfoA
GetDlgCtrlID
SetWindowTextA
UnregisterClassA
SendMessageA
GetClientRect
GetDlgItem
InvalidateRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
LoadCursorA
FillRect
GetSysColorBrush
CharNextA
GetDesktopWindow
LoadImageA
wsprintfA
MsgWaitForMultipleObjects
GetWindowTextA
SetCursor
OleInitialize
OleUninitialize
CLSIDFromProgID
StringFromGUID2
CoCreateInstance
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 1
RT_DIALOG 1
Struct(240) 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 11
RUSSIAN 1
PE resources
ExifTool file metadata
MIMEType                  application/octet-stream
Subsystem                 Windows GUI
MachineType               Intel 386 or later, and compatibles
FileTypeExtension         exe
TimeStamp                 2007:01:02 09:41:07+01:00
FileType                  Win32 EXE
PEType                    PE32
CodeSize                  48640
LinkerVersion             7.1
ImageFileCharacteristics  No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint                0xc348
InitializedDataSize       41472
SubsystemVersion          4.0
ImageVersion              0.0
OSVersion                 4.0
UninitializedDataSize     0

File identification
MD5            8955fe7ff187e653a643228414fad5b6
SHA1           1683c9620765dc2ce4f85f880de4ed87318bb8c4
SHA256         3f4655a871787f990752a7190e740079691446fcf049e769ccb011deca45b4a8
ssdeep         3072:MIp/6PiD3fnA3GSuEoFhF5c0lDdgDH6MH7G4iBbUs2kDqWp:M23YWS/oFhF5XjgHXbzObUsFDp
authentihash   0ff70b872790e7b1f340ba619f71f307b043959aa1e039ffb84aedf6d0eeefeb
imphash        c19c5bd7575d9303560d2cd24613a801
File size      178.2 KB ( 182470 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 Executable MS Visual C++ (generic) (41.0%)
               Win64 Executable (generic) (36.3%)
               Win32 Dynamic Link Library (generic) (8.6%)
               Win32 Executable (generic) (5.9%)
               OS/2 Executable (generic) (2.6%)
Tags           peexe overlay

VirusTotal metadata
First submission 2008-03-14 18:07:22 UTC ( 11 years ago )
Last submission 2018-05-24 01:53:19 UTC ( 10 months ago )
File names
16388079
clearmymail.exe
aa
1683c9620765dc2ce4f85f880de4ed87318bb8c4.exe
141479543360813-clearmymail.exe
141484486394634-clearmymail.exe
clearmymail-3-5.exe
408617
EsyTsuZ.rtf
output.16388079.txt
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight