SHA256: 411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037
File name: skype-img-04_04-2013.exe
Detection ratio: 9 / 45
Analysis date: 2013-04-04 19:02:56 UTC ( 1 year ago )
Antivirus Result Update
AntiVir TR/Crypt.XPACK.Gen 20130404
CAT-QuickHeal (Suspicious) - DNAScan 20130404
DrWeb Win32.HLLW.Autoruner1.34857 20130404
ESET-NOD32 a variant of Win32/Kryptik.AYAB 20130404
Emsisoft Trojan.Win32.Agent.AMN (A) 20130404
Malwarebytes Malware.Packer.EPEX 20130404
Panda Suspicious file 20130404
Sophos Mal/Generic-S 20130404
Symantec WS.Reputation.1 20130404
AVG 20130404
Agnitum 20130404
AhnLab-V3 20130404
Antiy-AVL 20130404
Avast 20130404
BitDefender 20130404
ByteHero 20130322
ClamAV 20130404
Commtouch 20130404
Comodo 20130404
F-Prot 20130404
F-Secure 20130404
Fortinet 20130404
GData 20130404
Ikarus 20130404
Jiangmin 20130404
K7AntiVirus 20130404
Kaspersky 20130404
Kingsoft 20130401
McAfee 20130404
McAfee-GW-Edition 20130404
MicroWorld-eScan 20130404
NANO-Antivirus 20130404
Norman 20130404
PCTools 20130404
Rising 20130403
SUPERAntiSpyware 20130404
TheHacker 20130404
TotalDefense 20130404
TrendMicro 20130404
TrendMicro-HouseCall 20130404
VBA32 20130403
VIPRE 20130404
ViRobot 20130404
eSafe 20130403
nProtect 20130404
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-21 18:21:11
Link date 7:21 PM 12/21/2012
Entry Point 0x00004261
Number of sections 15
PE sections
PE imports
GetConsoleOutputCP
GetCurrentDirectoryW
lstrcatA
GetProcessHeap
UrlGetPartW
BroadcastSystemMessageW
IsCharAlphaNumericW
GetMessagePos
SetRectEmpty
VkKeyScanA
islower
isalnum
PE exports
Number of PE resources by type
RT_ICON 21
RT_GROUP_ICON 2
Number of PE resources by language
NEUTRAL 12
ENGLISH US 11
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:21 19:21:11+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 45056
LinkerVersion: 10.0
FileAccessDate: 2014:04:03 23:34:12+01:00
EntryPoint: 0x4261
InitializedDataSize: 210432
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
FileCreateDate: 2014:04:03 23:34:12+01:00
UninitializedDataSize: 0
Compressed bundles
File identification
MD5 e3b2b66b832c1dcdd0be68d795df9937
SHA1 a55554d3ce6969a4ed5834279b892fa5c7e67248
SHA256 411e93206a7750c8df25730349bf9756ddba52c1bc780eaac4bba2b3872bc037
ssdeep 3072:RMmb7G36T1Ff7/647wUc9mhpXLwE6RTsFoIgT04a8Upwv4b:RMmHP17/tc9mrLwNRUoIgw4aRpwvi
imphash cae6e091c260399b6f014af9475774a5
File size 251.0 KB ( 257024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-04-04 14:41:55 UTC ( 1 year ago )
Last submission 2014-04-03 22:33:27 UTC ( 1 week, 6 days ago )
File names Fjcvrzhlgzglotam.exe
snkb0ptz.exe.VIR
file-5338392_exe
Tyghmlljjtgsotbg.exe
skype-img-04.exe
Csgoxbkkmzwwbccu.exe
Gikitmsajqgqnoko.exe
Pxvoeojaanfbfoxt.exe
e3b2b66b832c1dcdd0be68d795df9937
vt-upload-73M7O
snkb0ptz.exe
vti-rescan
skype-img-04_04-2013.exe
snkb0ptz.vir
Yaymogsempsfnoud.exe
257024e3b2b66b832c1dcdd0be68d795df9937
snkb0ptz.aaa
WL-50af61940f4389e42f066756b3e9ef50-0.ex$
skype-img-04_04-2013-exe.exe
Tgocfujibqhcsjdz.exe