SHA256: 4028fffd6e4b7296564ee86c799b221ada0f97824469c0133102654b11a6b024
File name: e-greetings.exe
Detection ratio: 17 / 43
Analysis date: 2012-02-15 20:58:33 UTC ( 2 years, 2 months ago )
Antivirus Result Update
AVG IRC/Generic.E 20120215
Antiy-AVL RiskWare/mIRC.6.gen 20120213
Avast Win32:Mirc-Z [PUP] 20120215
BitDefender Backdoor.IrcBot.ADIT 20120215
ClamAV Trojan.IRC.Zapchast-20 20120215
Comodo UnclassifiedMalware 20120215
Emsisoft Backdoor.IRC.Zapchast.zwrc.AMN!A2 20120215
F-Secure Backdoor.IrcBot.ADIT 20120215
GData Backdoor.IrcBot.ADIT 20120215
Jiangmin Trojan.IRC.ah 20120214
Kaspersky Backdoor.IRC.Zapchast.zwrc 20120215
McAfee Artemis!1CD3A366D926 20120215
McAfee-GW-Edition Artemis!1CD3A366D926 20120215
NOD32 IRC/Cloner.CA 20120215
Sophos Mal/Zapchas-A 20120215
eSafe Win32.Trojan 20120214
nProtect Backdoor.IrcBot.ADIT 20120215
Engines with no detection (update date only):
AhnLab-V3 20120215
AntiVir 20120215
ByteHero 20120215
CAT-QuickHeal 20120214
Commtouch 20120215
DrWeb 20120215
F-Prot 20120215
Fortinet 20120215
Ikarus 20120215
K7AntiVirus 20120215
Microsoft 20120215
Norman 20120215
PCTools 20120207
Panda 20120215
Prevx 20120215
Rising 20120215
SUPERAntiSpyware 20120206
Symantec 20120215
TheHacker 20120213
TrendMicro 20120215
TrendMicro-HouseCall 20120215
VBA32 20120214
VIPRE 20120215
ViRobot 20120215
VirusBuster 20120215
eTrust-Vet 20120215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command RAR, RAR, Unicode, RAR
F-PROT RAR, RAR, RAR, Unicode, RAR, RAR
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-01-09 13:44:06
Link date 2:44 PM 1/9/2012
Entry Point 0x0000B3C1
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetFileSecurityA
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
HeapFree
GetStdHandle
DosDateTimeToFileTime
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindNextFileA
CompareStringW
HeapAlloc
SystemTimeToFileTime
IsDBCSLeadByte
GetCommandLineW
GetFileAttributesW
GetCurrentProcess
FileTimeToLocalFileTime
MoveFileW
OpenFileMappingW
SetFileAttributesA
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
SetEnvironmentVariableW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
WriteFile
SetFileAttributesW
CloseHandle
WideCharToMultiByte
MapViewOfFile
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
GetFileAttributesA
GetTempPathW
FindFirstFileA
FindFirstFileW
HeapReAlloc
GetModuleHandleW
GetFullPathNameA
FreeLibrary
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
GetFileType
GetFullPathNameW
SetFileTime
CreateFileA
GetTickCount
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
CharToOemBuffW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
GetWindow
MessageBoxW
DispatchMessageW
GetClassNameW
PeekMessageW
CharUpperA
GetClientRect
OemToCharA
EnableWindow
CopyRect
WaitForInputIdle
OemToCharBuffA
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:01:09 14:44:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 72704
LinkerVersion 9.0
EntryPoint 0xb3c1
InitializedDataSize 113152
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
File identification
MD5 1cd3a366d926ecc90a5ef9a8de9f3be2
SHA1 2979cab1a3f4d80917cd8f2b1d49c5773065de46
SHA256 4028fffd6e4b7296564ee86c799b221ada0f97824469c0133102654b11a6b024
ssdeep 24576:PxaVxr52owyu2XASkGgXEP46FA/4nFQbk7r5nPmX7ca4p9/N:PMru1xEP4644nFQbkrZPmX7j4j/N
File size 897.1 KB ( 918645 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2012-02-15 16:29:39 UTC ( 2 years, 2 months ago )
Last submission 2013-11-26 04:19:51 UTC ( 4 months, 3 weeks ago )
File names e-greetings.exe.dat
1cd3a366d926ecc90a5ef9a8de9f3be2
smona_4028fffd6e4b7296564ee86c799b221ada0f97824469c0133102654b11a6b024.bin
1265621
output.1269639.txt
output.1265621.txt
2979cab1a3f4d80917cd8f2b1d49c5773065de46.bin
e-greetings.exe
1269639
file-4396362_exe
1cd3a366d926ecc90a5ef9a8de9f3be2
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight