SHA256: 47551285dccba8b1f8378aa9a41d0600f1edb86cf6d526a2a2b6f15032847ac6
File name: XvidSetup.exe
Detection ratio: 19 / 41
Analysis date: 2011-05-02 05:13:46 UTC ( 3 years, 2 months ago )
Antivirus Result Update
AVG Zango 20110501
AntiVir TR/Spy.Gen4 20110501
Avast5 Win32:Zango-AQ 20110501
BitDefender Gen:Variant.Adware.Hotbar.1 20110502
Commtouch W32/HotBar.L.gen!Eldorado 20110502
DrWeb Trojan.DownLoader.origin 20110502
F-Prot W32/HotBar.L.gen!Eldorado 20110502
GData Gen:Variant.Adware.Hotbar.1 20110502
Ikarus not-a-virus:WebToolbar.Win32 20110502
K7AntiVirus Adware 20110430
Kaspersky not-a-virus:WebToolbar.Win32.Zango.gen 20110502
McAfee Adware-HotBar.d 20110502
McAfee-GW-Edition Adware-HotBar.d 20110501
NOD32 a variant of Win32/Adware.HotBar.H 20110502
SUPERAntiSpyware Adware.Agent/Gen-Zango 20110502
Sophos ClickPotato Installer 20110502
VIPRE Pinball Corporation. (v) 20110502
VirusBuster Adware.Rugo.Gen.5 20110501
eTrust-Vet Win32/Zango.Pinball.B[HOTBAR] 20110429
AhnLab-V3 20110502
Antiy-AVL 20110502
Avast 20110501
CAT-QuickHeal 20110502
ClamAV 20110502
Comodo 20110502
F-Secure 20110502
Fortinet 20110501
Jiangmin 20110501
Microsoft 20110501
Norman 20110501
PCTools 20110429
Panda 20110501
Prevx 20110502
Rising 20110429
Symantec 20110502
TheHacker 20110501
TrendMicro 20110502
TrendMicro-HouseCall 20110502
VBA32 20110502
ViRobot 20110502
eSafe 20110501
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
File version 2.0.285.0
Description Installer
Signing date 16:17 10/01/2012
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-29 02:24:32
Entry Point 0x00070610
Number of sections 3
PE sections
PE imports
RegCloseKey
PatBlt
GetAdaptersInfo
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
1 more function(s) imported by ordinal)
UrlEscapeA
VerQueryValueA
1 more function(s) imported by ordinal)
CoCreateGuid
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 2.0.285.0
UninitializedDataSize 266240
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 8192
MIMEType application/octet-stream
FileVersion 2.0.285.0
TimeStamp 2011:04:29 04:24:32+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.285.0
FileDescription Installer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 192512
FileSubtype 0
ProductVersionNumber 2.0.285.0
EntryPoint 0x70610
ObjectFileType Executable application

File identification
MD5 2363a7a043506be496b951b20b39ad8e
SHA1 614f2a020e00c5298a2b9de3ed41b5f76029f7b6
SHA256 47551285dccba8b1f8378aa9a41d0600f1edb86cf6d526a2a2b6f15032847ac6
ssdeep 6144:YDbfXFAae5HULxTYMms2tzTtPJye2X7qkh:YHXFXl3IT94ee7qkh

File size 198.7 KB ( 203440 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
Tags
signed upx

VirusTotal metadata
First submission 2011-05-02 05:13:46 UTC ( 3 years, 2 months ago )
Last submission 2012-01-10 15:17:34 UTC ( 2 years, 6 months ago )
File names 614f2a020e00c5298a2b9de3ed41b5f76029f7b6.bin
XvidSetup.exe_2363a7a043506be496b951b20b39ad8e
XvidSetup.exe