SHA256: 41c35d5caad1e2b4a42bd10c9fcc4dc7b884cff0b950ac5a37cfe33b48231913
File name: fad38a35c5c4298e29880ec3347414a3
Detection ratio: 20 / 53
Analysis date: 2014-06-21 16:53:12 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AntiVir TR/ArchSMS.cbrwr 20140621
Avast Win32:Malware-gen 20140621
AVG Zbot.KGB 20140621
BitDefender Gen:Variant.Kazy.398671 20140621
Bkav HW32.Laneul.xoww 20140621
CMC Packed.Win32.Katusha.3!O 20140621
DrWeb Trojan.Siggen6.19596 20140621
Emsisoft Gen:Variant.Kazy.398671 (B) 20140621
ESET-NOD32 Win32/Spy.Zbot.ABV 20140621
Fortinet Riskware/ArchSMS 20140621
GData Gen:Variant.Kazy.398671 20140621
Kaspersky Hoax.Win32.ArchSMS.cbrwr 20140621
Kingsoft Win32.Troj.Hoax.(kcloud) 20140621
Malwarebytes Trojan.Agent 20140621
Microsoft PWS:Win32/Zbot 20140621
eScan Gen:Variant.Kazy.398671 20140621
Qihoo-360 HEUR/Malware.QVM20.Gen 20140621
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140621
Tencent Win32.Trojan-psw.Archsms.Egxv 20140621
VIPRE Trojan.Win32.Generic!BT 20140621
Engines with no detection (engine and signature update date only):
Ad-Aware 20140621
AegisLab 20140620
Yandex 20140621
AhnLab-V3 20140621
Antiy-AVL 20140619
Baidu-International 20140621
ByteHero 20140621
CAT-QuickHeal 20140621
ClamAV 20140621
Commtouch 20140621
Comodo 20140621
F-Prot 20140621
F-Secure 20140621
Ikarus 20140621
Jiangmin 20140621
K7AntiVirus 20140621
K7GW 20140621
McAfee 20140621
McAfee-GW-Edition 20140621
NANO-Antivirus 20140621
Norman 20140621
nProtect 20140620
Panda 20140621
SUPERAntiSpyware 20140621
Symantec 20140621
TheHacker 20140617
TotalDefense 20140621
TrendMicro 20140621
TrendMicro-HouseCall 20140621
VBA32 20140620
ViRobot 20140621
Zillya 20140621
Zoner 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1998-2013 Contributors
Product jEdit
File version 5.1.0
Description Programmer's Text Editor
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-01-25 10:25:40
Entry Point 0x00007888
Number of sections 4
PE sections
Overlays
MD5 5b35afd2b4c6bfffd5ecd54393c0a082
File type data
Offset 269824
Size 512
Entropy 7.56
PE imports
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
GetLastError
GetOverlappedResult
DeviceIoControl
WaitForSingleObject
FreeLibrary
QueryPerformanceCounter
GetTickCount
OutputDebugStringA
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetLocalTime
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetTempPathA
GlobalAddAtomW
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
GetACP
GetCurrentThreadId
SetEnvironmentVariableA
GetFullPathNameA
TerminateProcess
CreateEventA
Sleep
FormatMessageA
CreateFileA
GetVersion
ResetEvent
SetupDiGetDeviceInstallParamsA
SetupDiGetClassDevsA
SetupDiSetDeviceRegistryPropertyA
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupGetStringFieldA
SetupFindNextLine
SetupFindFirstLineA
SetupCloseInfFile
SetupDiEnumDeviceInfo
SetupOpenInfFileA
SetupDiSetClassInstallParamsA
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiCallClassInstaller
FindWindowA
PostMessageA
malloc
realloc
memset
fclose
fprintf
fgets
fopen
strncpy
_amsg_exit
fputs
_strlwr
_XcptFilter
_snprintf
sprintf
free
getenv
atoi
memcpy
_vsnprintf
strstr
fputws
memmove
strerror
wcsstr
_initterm
fgetws
_iob
Number of PE resources by type
RT_ICON 7
RT_STRING 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 6
DUTCH 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 6.56
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 5.1.99.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 65024
EntryPoint 0x7888
MIMEType application/octet-stream
LegalCopyright Copyright 1998-2013 Contributors
FileVersion 5.1.0
TimeStamp 2014:01:25 11:25:40+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 5.1.0
FileDescription Programmer's Text Editor
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Contributors
CodeSize 203776
ProductName jEdit
ProductVersionNumber 5.1.99.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 fad38a35c5c4298e29880ec3347414a3
SHA1 3407538102eaf4a78741113eaca06e1b1bbe57c0
SHA256 41c35d5caad1e2b4a42bd10c9fcc4dc7b884cff0b950ac5a37cfe33b48231913
ssdeep 6144:y1V0UPJo39Da+UPj4oNshEnDOAaz5ilpa+ryXqK+REU5v:eVPPJMaN+h2DOVz2pkUEUp
authentihash 97cc507c6d0229a1af60112254c153cfff27194a8bb3aa875df4654ca9cf6d8a
imphash 2e129dae4d796e5db285dc53deaadb52
File size 264.0 KB ( 270336 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-06-21 16:53:12 UTC ( 4 years, 9 months ago )
Last submission 2014-06-21 16:53:12 UTC ( 4 years, 9 months ago )
File names fad38a35c5c4298e29880ec3347414a3
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications