SHA256: 48f9ff987cf320f93b6cd83f72691035bb22e3f80fa135b42c822e3a0186c3de
File name: simple.exe
Detection ratio: 6 / 46
Analysis date: 2013-08-20 20:06:57 UTC ( 3 years, 9 months ago )
Antivirus Result Update
BitDefender Gen:Variant.Symmi.27508 20130820
Emsisoft Gen:Variant.Symmi.27508 (B) 20130820
F-Secure Gen:Variant.Symmi.27508 20130820
GData Gen:Variant.Symmi.27508 20130820
Kaspersky UDS:DangerousObject.Multi.Generic 20130820
eScan Gen:Variant.Symmi.27508 20130820
Yandex 20130820
AhnLab-V3 20130820
AntiVir 20130820
Antiy-AVL 20130820
Avast 20130820
AVG 20130820
ByteHero 20130814
CAT-QuickHeal 20130820
ClamAV 20130820
Commtouch 20130820
Comodo 20130820
DrWeb 20130820
ESET-NOD32 20130820
F-Prot 20130820
Fortinet 20130820
Ikarus 20130820
Jiangmin 20130820
K7AntiVirus 20130820
K7GW 20130820
Kingsoft 20130723
Malwarebytes 20130820
McAfee 20130820
McAfee-GW-Edition 20130820
Microsoft 20130820
NANO-Antivirus 20130820
Norman 20130820
nProtect 20130820
Panda 20130820
PCTools 20130820
Rising 20130820
Sophos 20130820
SUPERAntiSpyware 20130820
Symantec 20130820
TheHacker 20130820
TotalDefense 20130820
TrendMicro 20130820
TrendMicro-HouseCall 20130820
VBA32 20130820
VIPRE 20130820
ViRobot 20130820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000B16B0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
ImageList_Add
VariantCopy
Number of PE resources by type
RT_STRING 16
RT_BITMAP 12
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_RCDATA 3
Number of PE resources by language
NEUTRAL 47
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 266240
LinkerVersion 2.25
EntryPoint 0xb16b0
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 458752

File identification
MD5 43a6501781a5536059dba1388cd8e392
SHA1 07f84b896e3dc2232c949ffecc8bcf594d34e47a
SHA256 48f9ff987cf320f93b6cd83f72691035bb22e3f80fa135b42c822e3a0186c3de
ssdeep
6144:laMBpTMcCLbXo8Ma3d39VGKZwimEiQV3TjSq8sIPwGpY/NF3:ltMVLbXo8XF90ImEiQVjjzcuNF3

authentihash 1bd1e20810a24e3f2e131a067e4ddf332cfe0a70f654c2d55e9812ca350854e4
imphash 79a04fb8db600bfc613c3e98a5d363f8
File size 262.5 KB ( 268800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2013-08-20 20:06:57 UTC ( 3 years, 9 months ago )
Last submission 2016-04-25 06:17:27 UTC ( 1 year, 1 month ago )
File names 07f84b896e3dc2232c949ffecc8bcf594d34e47a_simple.ex
43a6501781a5536059dba1388cd8e392.exe
simple.exe
14460512
output.14460512.txt
48f9ff987cf320f93b6cd83f72691035bb22e3f80fa135b42c822e3a0186c3de.bin
07f84b896e3dc2232c949ffecc8bcf594d34e47a.exe
malekal_43a6501781a5536059dba1388cd8e392
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs