× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 43ceb7d64c0f3427e0945dd20c89bc02f814cc68fc58747accc89fb2e2fdd7a1
Detection ratio: 0 / 49
Analysis date: 2014-01-20 17:31:07 UTC ( 1 year, 6 months ago )
Antivirus Result Update
AVG 20140120
Ad-Aware 20140120
Agnitum 20140119
AhnLab-V3 20140120
AntiVir 20140120
Antiy-AVL 20140120
Avast 20140120
Baidu-International 20131213
BitDefender 20140120
Bkav 20140120
ByteHero 20140114
CAT-QuickHeal 20140120
CMC 20140115
ClamAV 20140120
Commtouch 20140120
Comodo 20140120
DrWeb 20140120
ESET-NOD32 20140120
Emsisoft 20140120
F-Prot 20140120
F-Secure 20140120
Fortinet 20140120
GData 20140120
Ikarus 20140120
Jiangmin 20140120
K7AntiVirus 20140120
K7GW 20140120
Kaspersky 20140120
Kingsoft 20130829
Malwarebytes 20140120
McAfee 20140120
McAfee-GW-Edition 20140120
MicroWorld-eScan 20140120
Microsoft 20140120
NANO-Antivirus 20140120
Norman 20140120
Panda 20140120
Rising 20140120
SUPERAntiSpyware 20140120
Sophos 20140120
Symantec 20140120
TheHacker 20140120
TotalDefense 20140120
TrendMicro 20140120
TrendMicro-HouseCall 20140120
VBA32 20140120
VIPRE 20140120
ViRobot 20140120
nProtect 20140120
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-13 20:34:07
Entry Point 0x00003986
Number of sections 4
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetSystemInfo
WaitForSingleObject
SetEvent
QueryPerformanceCounter
GetNumberOfConsoleInputEvents
GetTickCount
IsBadWritePtr
TlsAlloc
GetVersionExA
VirtualProtect
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
OpenFileMappingA
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
IsBadCodePtr
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
HeapDestroy
SetStdHandle
SetFilePointer
WideCharToMultiByte
MapViewOfFile
TlsFree
GetModuleHandleA
DeleteCriticalSection
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
SetConsoleTitleA
CloseHandle
GetSystemTimeAsFileTime
PeekConsoleInputA
GetACP
HeapReAlloc
GetStringTypeW
GetOEMCP
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
CreateEventA
GetEnvironmentStringsW
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
IsBadReadPtr
VirtualAlloc
SetLastError
LeaveCriticalSection
FindWindowA
PostMessageA
RegisterWindowMessageA
WMCreateReader
WMCreateWriter
CoUninitialize
CoInitialize
Number of PE resources by type
RT_MENU 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

TimeStamp
2008:12:13 21:34:07+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53248

LinkerVersion
7.0

EntryPoint
0x3986

InitializedDataSize
36864

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 99b21bb74cbf6417dd53d7b502d5aedc
SHA1 da1165af16df84bbcbd147b36072ae11ceaed756
SHA256 43ceb7d64c0f3427e0945dd20c89bc02f814cc68fc58747accc89fb2e2fdd7a1
ssdeep
1536:ulr8yM4+mIDC14hHG7GxMpnq8J6nQ1MyU86nRLbsc:Qr8eRGGsPs6yU8iLwc

File size 76.0 KB ( 77824 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission UTC ( ago )
Last submission UTC ( ago )
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Set keys
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
DNS requests
UDP communications