SHA256: 456b890f3ce5039e76b02878b4cff7ca4eda10ba8e1e76c37ce82f30166b73da
File name: setup.exe
Detection ratio: 10 / 43
Analysis date: 2010-10-23 15:06:46 UTC (6 years, 11 months ago)
Antivirus Result Update
Authentium W32/FakeAlert.IG.gen!Eldorado 20101023
BitDefender Trojan.Agent.AQTX 20101023
DrWeb Trojan.FakeAV.509 20101023
eSafe Suspicious File 20101021
F-Prot W32/FakeAlert.IG.gen!Eldorado 20101022
K7AntiVirus Riskware 20101022
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.C!87 20101022
NOD32 a variant of Win32/Adware.FakeAntiSpy.L 20101023
Panda Suspicious file 20101023
Sunbelt Trojan.Win32.Generic.pak!cobra 20101023
AhnLab-V3 20101023
AntiVir 20101022
Antiy-AVL 20101023
Avast 20101023
Avast5 20101023
AVG 20101023
CAT-QuickHeal 20101022
ClamAV 20101023
Comodo 20101023
Emsisoft 20101023
eTrust-Vet 20101022
F-Secure 20101023
Fortinet 20101023
GData 20101023
Ikarus 20101023
Jiangmin 20101023
Kaspersky 20101023
McAfee 20101023
Microsoft 20101023
Norman 20101023
nProtect 20101023
PCTools 20101023
Prevx 20101023
Rising 20101022
Sophos AV 20101023
SUPERAntiSpyware 20101023
Symantec 20101023
TheHacker 20101023
TrendMicro 20101023
TrendMicro-HouseCall 20101023
VBA32 20101022
ViRobot 20101023
VirusBuster 20101022
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Number of sections 3
PE sections
PE imports
RegFlushKey
ImageList_Add
SaveDC
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
AlphaBlend
OleDraw
VariantCopy
ShellExecuteW
VerQueryValueW
timeGetTime
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2010:10:23 10:09:12+02:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 491520
LinkerVersion: 2.25
EntryPoint: 0x291390
InitializedDataSize: 24576
SubsystemVersion: 5.0
ImageVersion: 0.0
OSVersion: 5.0
UninitializedDataSize: 2199552

File identification
MD5 8f809720da06d2ae5ca7c43dd541789c
SHA1 c958ab1f2ba508e7d9eef0afbe650390ca9c3a90
SHA256 456b890f3ce5039e76b02878b4cff7ca4eda10ba8e1e76c37ce82f30166b73da
ssdeep
12288:pzHiHDgnMwOfjqszaGrMjsTXVZVe6ddSxGYCZns3HTlh34kRy:BYg4dGGrIsbYwHM3P

File size 501.0 KB ( 513024 bytes )
File type Win32 EXE
Magic literal

TrID Win32 EXE Yoda's Crypter (54.4%)
Win32 Executable Generic (17.4%)
Win32 Dynamic Link Library (generic) (15.5%)
Win16/32 Executable Delphi generic (4.2%)
Generic Win/DOS Executable (4.1%)
VirusTotal metadata
First submission 2010-10-23 15:06:46 UTC ( 6 years, 11 months ago )
Last submission 2010-11-26 05:14:58 UTC ( 6 years, 10 months ago )
File names lr73au.rar
0GAvU.vsd
aa
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight