× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 47dc665c232cc9c20b0ac42d336832c3d6ef9e8f2790bb0b8c2b4534a2966315
File name: output.110204157.txt
Detection ratio: 2 / 67
Analysis date: 2018-01-04 01:06:17 UTC ( 1 year, 1 month ago ) View latest
Antivirus Result Update
DrWeb Trojan.MulDrop1.57042 20180103
Palo Alto Networks (Known Signatures) generic.ml 20180104
Ad-Aware 20171225
AegisLab 20180104
AhnLab-V3 20180103
Alibaba 20180103
ALYac 20180103
Antiy-AVL 20180103
Arcabit 20180103
Avast 20180103
Avast-Mobile 20180103
AVG 20180103
Avira (no cloud) 20180103
AVware 20180103
Baidu 20180103
BitDefender 20180104
Bkav 20180103
CAT-QuickHeal 20180103
ClamAV 20180103
CMC 20180103
Comodo 20180103
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180104
Cyren 20180104
eGambit 20180104
Emsisoft 20180104
Endgame 20171130
ESET-NOD32 20180103
F-Prot 20180103
F-Secure 20180104
Fortinet 20180103
GData 20180103
Sophos ML 20170914
Jiangmin 20180103
K7AntiVirus 20180103
K7GW 20180104
Kaspersky 20180103
Kingsoft 20180104
Malwarebytes 20180104
MAX 20180103
McAfee 20180102
McAfee-GW-Edition 20180104
Microsoft 20180104
eScan 20180104
NANO-Antivirus 20180104
nProtect 20180103
Panda 20180103
Qihoo-360 20180104
Rising 20180104
SentinelOne (Static ML) 20171224
Sophos AV 20180104
SUPERAntiSpyware 20180104
Symantec 20180104
Tencent 20180104
TheHacker 20180103
TotalDefense 20180103
TrendMicro 20180103
TrendMicro-HouseCall 20180103
Trustlook 20180104
VBA32 20180103
VIPRE 20180103
ViRobot 20180103
Webroot 20180104
WhiteArmor 20171226
Yandex 20171229
Zillya 20180103
ZoneAlarm by Check Point 20180103
Zoner 20180103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2007 - Information Packaging

Product RAR Password Finder
Original name stub32i.exe
Internal name stub32
File version 1.01
Description Password Finder
Comments
Packers identified
F-PROT CAB
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-08-02 07:01:18
Entry Point 0x00008AF7
Number of sections 4
PE sections
Overlays
MD5 209cce7612892ce23ffeeccbf8610418
File type data
Offset 290816
Size 669810
Entropy 8.00
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetObjectA
TextOutA
CreateCompatibleDC
DeleteDC
SetBkMode
GetTextExtentPointA
BitBlt
CreatePalette
GetStockObject
CreateDIBitmap
GetDeviceCaps
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
EnumFontFamiliesExA
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
HeapDestroy
FreeEnvironmentStringsA
GetCurrentProcess
LocalAlloc
lstrcatA
UnhandledExceptionFilter
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
GetDiskFreeSpaceA
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
FindClose
FormatMessageA
HeapAlloc
GetVersionExA
RemoveDirectoryA
GetPrivateProfileStringA
GetSystemDefaultLCID
MultiByteToWideChar
WritePrivateProfileSectionA
GetModuleHandleA
SetUnhandledExceptionFilter
MulDiv
GetSystemDirectoryA
MoveFileExA
TerminateProcess
GlobalAlloc
LocalFileTimeToFileTime
GetVersion
HeapFree
SetHandleCount
lstrcmpiA
FreeLibrary
IsBadWritePtr
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetProcAddress
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GlobalLock
GetFileType
GetPrivateProfileSectionA
CreateFileA
ExitProcess
GetLastError
DosDateTimeToFileTime
LCMapStringW
HeapCreate
lstrlenA
GlobalFree
LCMapStringA
HeapReAlloc
GetEnvironmentStringsW
GlobalUnlock
IsDBCSLeadByte
GetModuleFileNameA
GetShortPathNameA
SizeofResource
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
GetCommandLineA
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetEnvironmentStrings
CreateProcessA
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
LZCopy
LZClose
LZOpenFileA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SetFocus
GetParent
MapDialogRect
DrawTextA
BeginPaint
CreateDialogIndirectParamA
CheckRadioButton
ShowWindow
SetWindowPos
SendDlgItemMessageA
IsWindow
LoadIconA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
PostMessageA
MoveWindow
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
GetSysColorBrush
IsWindowEnabled
GetWindow
GetSysColor
CheckDlgButton
GetDC
ReleaseDC
SetWindowTextA
GetWindowLongA
SetParent
TranslateMessage
SendMessageA
GetClientRect
GetDlgItem
CreateDialogParamA
GetNextDlgTabItem
ScreenToClient
InvalidateRect
wsprintfA
UpdateWindow
GetActiveWindow
FillRect
LoadStringA
IsDlgButtonChecked
CharNextA
SetActiveWindow
GetDesktopWindow
LoadImageA
EndPaint
GetWindowTextA
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_DIALOG 10
RT_STRING 7
RT_ICON 4
RT_BITMAP 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.100.1332

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Password Finder

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
221184

EntryPoint
0x8af7

OriginalFileName
stub32i.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2007 - Information Packaging

FileVersion
1.01

TimeStamp
2002:08:02 09:01:18+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
stub32

ProductVersion
1.01

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Information Packaging

CodeSize
77824

ProductName
RAR Password Finder

ProductVersionNumber
4.1.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 bcd99daa92f75283885ad5e54d600623
SHA1 73566376ebd79e45b1893ede197923432818a8ce
SHA256 47dc665c232cc9c20b0ac42d336832c3d6ef9e8f2790bb0b8c2b4534a2966315
ssdeep
24576:mDdU+YdDUtBDVYPVsLzs0Iy6vAf2dKm7A91kyDj8NF:0dBtBDaCHAS2d8nAF

authentihash f6d4c1db5a16db6f6b4133b002a6f1803cba451ede21a55823addafaac5bfce2
imphash d84d991d25f1d024e6888428c049c5f2
File size 938.1 KB ( 960626 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2008-11-20 23:48:37 UTC ( 10 years, 3 months ago )
Last submission 2018-05-28 01:58:21 UTC ( 8 months, 3 weeks ago )
File names bcd99daa92f75283885ad5e54d600623
14280241
RAR Password Finder101.exe
RAR Password Finder v1.01.exe
output.110204157.txt
pt-rar101_exe
stub32i.exe
RAR Password Finder r101.exe
Password_Findert-rar101.exe
file-2940725_exe
Rar Password Finder - pt-rar101.exe
smona130798127240810480687
1380016022-pt-rar101.exe
output.14280241.txt
stub32
pt-rar101.exe
pt-rar101_2.exe
41956
rarpasswordfinder.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!