SHA256: 41a1ca8c4f7e57e08157a82e4cd38116f9e0cf2810cf44f68d841c1b09c1a0e8
File name: antitwin_setup.exe
Detection ratio: 0 / 66
Analysis date: 2018-10-27 07:39:35 UTC ( 2 months, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20181027
AegisLab 20181027
AhnLab-V3 20181027
Alibaba 20180921
ALYac 20181027
Antiy-AVL 20181026
Arcabit 20181027
Avast 20181027
Avast-Mobile 20181027
AVG 20181027
Avira (no cloud) 20181026
Babable 20180918
Baidu 20181026
BitDefender 20181027
Bkav 20181025
CAT-QuickHeal 20181026
ClamAV 20181026
CMC 20181026
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181027
Cyren 20181027
DrWeb 20181027
eGambit 20181027
Emsisoft 20181027
Endgame 20180730
ESET-NOD32 20181026
F-Prot 20181027
F-Secure 20181027
Fortinet 20181027
GData 20181027
Ikarus 20181026
Sophos ML 20180717
Jiangmin 20181027
K7AntiVirus 20181027
K7GW 20181025
Kaspersky 20181027
Kingsoft 20181027
Malwarebytes 20181027
MAX 20181027
McAfee 20181027
McAfee-GW-Edition 20181027
Microsoft 20181027
eScan 20181027
NANO-Antivirus 20181027
Palo Alto Networks (Known Signatures) 20181027
Panda 20181026
Qihoo-360 20181027
Rising 20181027
SentinelOne (Static ML) 20181011
Sophos AV 20181027
SUPERAntiSpyware 20181022
Symantec 20181026
Symantec Mobile Insight 20181026
TACHYON 20181027
Tencent 20181027
TheHacker 20181025
TrendMicro 20181027
TrendMicro-HouseCall 20181027
Trustlook 20181027
VBA32 20181026
ViRobot 20181026
Webroot 20181027
Yandex 20181026
Zillya 20181026
ZoneAlarm by Check Point 20181027
Zoner 20181026
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0008FAC0
Number of sections 3
PE sections
Overlays
MD5 52ed9f0f256afd4b1b3324cd388777ae
File type data
Offset 226816
Size 684479
Entropy 7.98
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegFlushKey
ImageList_Add
GetOpenFileNameA
SaveDC
CoInitialize
VariantCopy
SHGetPathFromIDListA
VerQueryValueA
Number of PE resources by type
RT_STRING 17
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_MANIFEST 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 47
GERMAN 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
221184

LinkerVersion
2.25

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

EntryPoint
0x8fac0

InitializedDataSize
8192

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
364544

File identification
MD5 3b3d26b9611c65fb5443c35711e434e3
SHA1 92d20543ed72c7a22801228076a6b5b56699b2a7
SHA256 41a1ca8c4f7e57e08157a82e4cd38116f9e0cf2810cf44f68d841c1b09c1a0e8
ssdeep
24576:FuSMRieZHpfqcscpkHE+mJnOetpcxIGRRBvfFn:9QRpqncpkHE+mJn/tpLGRRf

authentihash 4f4bcbe03e301847ba7a78feed18774b3fdfff8f928d9f7eb07bb8c7bb19eb31
imphash 3184392d3cb7ea91edd0a9c7f9872256
File size 889.9 KB ( 911295 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (37.1%)
Win32 EXE Yoda's Crypter (36.4%)
Win32 Dynamic Link Library (generic) (9.0%)
Win32 Executable (generic) (6.1%)
Win16/32 Executable Delphi generic (2.8%)
Tags
peexe overlay upx software-collection

VirusTotal metadata
First submission 2011-04-29 21:12:51 UTC ( 7 years, 8 months ago )
Last submission 2019-01-15 15:13:18 UTC ( 1 day, 15 hours ago )
File names AntiTwin v1.8.exe
anti-twin-1-8d-es-en-win.exe
AntiTwin_Setupa.exe
AntiTwin_Setup.exe
smona131542125962689311302
AntiTwin_Setup.exe
AntiTwin_Setupaynı olan dosyaları bulma programı.exe
octet-stream
AntiTwin_Setup.exe
AntiTwin_Setup.exe
AntiTwin_Setup.exe
AntiTwin_Setup.exe
Duplicate Similar Images Detector AntiTwin_Setup.exe
AntiTwin_1.8d_free.exe
sljakq7nold2ekabekahnjvvwvtjtmvh.exe
antitwin_setup_W7.exe
AntiTwin _ Setup .exe
antitwin_setup(1).exe
anti-twin-3704-jetelecharge.exe
57804
anti-twin-119-1.exe
AntiTwin_Setup(1).exe
antitwin_setup.exe
test.exe
92d20543ed72c7a22801228076a6b5b56699b2a7.bin
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight