× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4919e26ad8529dcac5c8a2f631779861047cadc35a704cdd19cb829a30929421
File name: 443445
Detection ratio: 0 / 68
Analysis date: 2018-08-14 00:39:05 UTC ( 5 months, 1 week ago )
Antivirus Result Update
Ad-Aware 20180813
AegisLab 20180813
AhnLab-V3 20180813
Alibaba 20180713
ALYac 20180813
Antiy-AVL 20180814
Arcabit 20180813
Avast 20180813
Avast-Mobile 20180813
AVG 20180813
Avira (no cloud) 20180813
AVware 20180813
Babable 20180725
Baidu 20180813
BitDefender 20180813
Bkav 20180813
CAT-QuickHeal 20180813
ClamAV 20180813
CMC 20180812
Comodo 20180814
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180814
Cyren 20180813
DrWeb 20180813
eGambit 20180814
Emsisoft 20180813
Endgame 20180730
ESET-NOD32 20180813
F-Prot 20180813
F-Secure 20180813
Fortinet 20180813
GData 20180813
Ikarus 20180813
Sophos ML 20180717
Jiangmin 20180813
K7AntiVirus 20180813
K7GW 20180814
Kaspersky 20180813
Kingsoft 20180814
Malwarebytes 20180813
MAX 20180814
McAfee 20180813
McAfee-GW-Edition 20180813
Microsoft 20180814
eScan 20180813
NANO-Antivirus 20180813
Palo Alto Networks (Known Signatures) 20180814
Panda 20180813
Qihoo-360 20180814
Rising 20180813
SentinelOne (Static ML) 20180701
Sophos AV 20180813
SUPERAntiSpyware 20180813
Symantec 20180813
Symantec Mobile Insight 20180812
TACHYON 20180813
Tencent 20180814
TheHacker 20180813
TotalDefense 20180813
TrendMicro 20180813
TrendMicro-HouseCall 20180813
Trustlook 20180814
VBA32 20180813
VIPRE 20180813
ViRobot 20180813
Webroot 20180814
Yandex 20180810
Zillya 20180812
ZoneAlarm by Check Point 20180813
Zoner 20180813
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-10-09 17:07:14
Entry Point 0x000031E2
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
OpenProcessToken
FreeSid
RegQueryValueExA
DuplicateToken
AccessCheck
AllocateAndInitializeSid
AddAccessAllowedAce
OpenThreadToken
RegOpenKeyExA
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
GetCurrentThread
LCMapStringW
HeapCreate
GetConsoleCP
GetOEMCP
LCMapStringA
IsDebuggerPresent
GetTickCount
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
EnterCriticalSection
SizeofResource
GetFileType
GetConsoleMode
GetLocaleInfoA
LocalAlloc
GetConsoleOutputCP
SetHandleCount
WriteConsoleW
CreateDirectoryA
GetCurrentDirectoryA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
InterlockedIncrement
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
SetStdHandle
SetFilePointer
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
GetCurrentProcessId
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
HeapAlloc
LocalFree
TerminateProcess
GetEnvironmentStrings
QueryPerformanceCounter
WriteConsoleA
WideCharToMultiByte
IsValidCodePage
LoadResource
VirtualFree
TlsGetValue
Sleep
FormatMessageA
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
FindResourceA
VirtualAlloc
SetCurrentDirectoryA
SetLastError
LeaveCriticalSection
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
GetMessageA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
DispatchMessageA
EndPaint
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
TranslateMessage
DialogBoxParamA
RegisterClassExA
SetWindowTextA
LoadStringA
GetDlgItem
LoadAcceleratorsA
CreateWindowExA
LoadCursorA
LoadIconA
TranslateAcceleratorA
DestroyWindow
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 16
RT_DIALOG 5
RT_GROUP_ICON 2
CUSTOM 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
GERMAN 29
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.6.0.0

LanguageCode
Unknown (FFFF)

FileFlagsMask
0x0000

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
ASCII

InitializedDataSize
1330176

EntryPoint
0x31e2

MIMEType
application/octet-stream

FileVersion
1.6.0.0

TimeStamp
2009:10:09 18:07:14+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1.6.0.0

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
SPIA - System Software Solutions

CodeSize
48128

ProductName
NTFSFileRestorer

ProductVersionNumber
1.6.0.0

FileTypeExtension
exe

ObjectFileType
Unknown

File identification
MD5 f53a095393095d1fe7c83701ee492c26
SHA1 a491679c95e49d437b048450bfe1e5df3d58190e
SHA256 4919e26ad8529dcac5c8a2f631779861047cadc35a704cdd19cb829a30929421
ssdeep
6144:oSxkLWoB2daWNgAxYFxYGXikCwdfr4/X4pz:o/L7WN/sFCwdfr4/Xa

authentihash a602fef299c78d4dd0b66e528972b636988381aacae25c967f4f01604268b302
imphash 17d3e6f9497efb4818ed8ac3e9389279
File size 1.3 MB ( 1379328 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe

VirusTotal metadata
First submission 2010-11-16 18:52:06 UTC ( 8 years, 2 months ago )
Last submission 2016-03-21 00:54:22 UTC ( 2 years, 10 months ago )
File names 23053193
4919e26ad8529dcac5c8a2f631779861047cadc35a704cdd19cb829a30929421.exe
15
1346140941-download.exe
4919E26AD8529DCAC5C8A2F631779861047CADC35A704CDD19CB829A30929421
443445
ntfs_fr_setup.exe
ntfs-fr-setup.exe
file-543102_exe
ntfs_fr_setup.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!