× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 43637ed26673b0593b0bed0822d549a34e97faadfcf7dc00b3f4ca1e96a27082
File name: Quickbar.EXE
Detection ratio: 0 / 66
Analysis date: 2018-08-06 00:56:07 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware 20180804
AegisLab 20180806
AhnLab-V3 20180805
Alibaba 20180713
ALYac 20180806
Antiy-AVL 20180806
Arcabit 20180806
Avast 20180806
Avast-Mobile 20180805
AVG 20180806
Avira (no cloud) 20180805
AVware 20180727
Babable 20180725
Baidu 20180802
BitDefender 20180806
Bkav 20180803
CAT-QuickHeal 20180805
CMC 20180805
Comodo 20180805
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180806
Cyren 20180805
DrWeb 20180806
eGambit 20180806
Emsisoft 20180805
Endgame 20180730
ESET-NOD32 20180805
F-Prot 20180806
F-Secure 20180805
Fortinet 20180806
GData 20180806
Sophos ML 20180717
Jiangmin 20180805
K7AntiVirus 20180805
K7GW 20180806
Kaspersky 20180805
Kingsoft 20180806
Malwarebytes 20180805
MAX 20180806
McAfee 20180806
McAfee-GW-Edition 20180805
Microsoft 20180805
eScan 20180805
NANO-Antivirus 20180806
Palo Alto Networks (Known Signatures) 20180806
Panda 20180805
Qihoo-360 20180806
Rising 20180806
SentinelOne (Static ML) 20180701
Sophos AV 20180806
SUPERAntiSpyware 20180805
Symantec 20180805
Symantec Mobile Insight 20180801
TACHYON 20180806
Tencent 20180806
TheHacker 20180805
TotalDefense 20180805
TrendMicro 20180805
TrendMicro-HouseCall 20180805
Trustlook 20180806
VBA32 20180803
VIPRE 20180806
ViRobot 20180805
Webroot 20180806
Yandex 20180805
Zillya 20180803
ZoneAlarm by Check Point 20180805
Zoner 20180805
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Konst Popov 2002-2006

File version 1.0
Description VisualSoft Visual QuickBar
Packers identified
F-PROT nameless, appended, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-25 19:47:11
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 01a9a802e1a0a19ac7f59ea1b06d974f
File type data
Offset 14848
Size 1096712
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
1.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
VisualSoft Visual QuickBar

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
2001:10:25 20:47:11+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
Copyright Konst Popov 2002-2006

MachineType
Intel 386 or later, and compatibles

CompanyName
VisualSoft

CodeSize
8704

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 e4493e27f13bd69266af5e2dd6cd968c
SHA1 06a586819d12afbe0a3a1fae72c1475201e96f5d
SHA256 43637ed26673b0593b0bed0822d549a34e97faadfcf7dc00b3f4ca1e96a27082
ssdeep
24576:ZkyRkFkfb2ezr4l33lGxSAgp2+hFxIrV+giZh4b3+O9istQrBTi+As:Zk9KT2ezr0luST2exBZebLerBTlD

authentihash 41ebd9d8e72eabc0f2f7a2282ea0313b106f2f70eec8d7b07de8ebacb692e484
imphash e41c25ab7824b3df73334188c40518ae
File size 1.1 MB ( 1111560 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2009-06-19 09:33:21 UTC ( 9 years, 7 months ago )
Last submission 2016-02-17 00:17:11 UTC ( 2 years, 11 months ago )
File names 311481
Quickbar.EXE
43637ED26673B0593B0BED0822D549A34E97FAADFCF7DC00B3F4CA1E96A27082
Quickbar.EXE
1360472965-Quickbar.EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!