SHA256: 49ce521bfbf4bfaed385d3cded21a5e53c813140f4bffdeab5103e918ae32910
File name: AdvHack v2.exe
Detection ratio: 6 / 43
Analysis date: 2012-09-21 17:37:33 UTC ( 5 years, 2 months ago )
Antivirus Result Update
Comodo ApplicUnsaf.Win32.HackTool.Agent.~A 20120921
F-Prot W32/Heuristic-KPP!Eldorado 20120920
Symantec WS.Reputation.1 20120921
TheHacker Posible_Worm32 20120920
TrendMicro PAK_Generic.001 20120921
TrendMicro-HouseCall PAK_Generic.001 20120921
Yandex 20120921
AhnLab-V3 20120921
AntiVir 20120921
Antiy-AVL 20120911
Avast 20120921
AVG 20120921
BitDefender 20120921
ByteHero 20120918
CAT-QuickHeal 20120921
ClamAV 20120921
Commtouch 20120921
DrWeb 20120921
Emsisoft 20120919
eSafe 20120920
ESET-NOD32 20120921
F-Secure 20120921
Fortinet 20120921
GData 20120921
Ikarus 20120921
Jiangmin 20120921
K7AntiVirus 20120921
Kaspersky 20120921
Kingsoft 20120918
McAfee 20120921
McAfee-GW-Edition 20120921
Microsoft 20120921
Norman 20120921
nProtect 20120921
Panda 20120921
PCTools 20120921
Rising 20120921
Sophos AV 20120921
SUPERAntiSpyware 20120911
TotalDefense 20120920
VBA32 20120921
VIPRE 20120921
ViRobot 20120921
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-14 18:47:52
Entry Point 0x000105B0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
?_BADOFF@std@@3_JB
GetAsyncKeyState
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:04:14 19:47:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 10.0
EntryPoint 0x105b0
InitializedDataSize 4096
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 45056

Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 892f9620e3c72d73ee6bd944dc02c713
SHA1 19ec969f7e35c18b5f2c9d69acce4f86b2f5bcb9
SHA256 49ce521bfbf4bfaed385d3cded21a5e53c813140f4bffdeab5103e918ae32910
ssdeep 384:3oB6liMxdpto3zVBfNVSDqk8tBm608IlhLV8mIx19/ADh:4YXdczVlXSDyzm0ohLiH1I
authentihash 12e16c6f2dd2786a0d27433fc186c00c5b7f6c3cfcde8dd45ca4455c91c974a3
imphash b48e3c3b23997e0fe3fb9d3339e8bb57
File size 20.0 KB ( 20480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags peexe upx

VirusTotal metadata
First submission 2012-04-14 19:30:18 UTC ( 5 years, 7 months ago )
Last submission 2017-11-21 18:30:59 UTC ( 2 days, 10 hours ago )
File names smona_49ce521bfbf4bfaed385d3cded21a5e53c813140f4bffdeab5103e918ae32910.bin
AdvHack v2 (1).exe
dikiy.aim.exe
HamitBey.exe
chams.exe
Muzammil V 2.0.exe
SpinHack v2.0.exe
d58eb4928450eb80538a16f7ea51ea32_AdvHack v2.exe.safe
ADVHack.exe
SBY730nU2C
advhack v2.exe
AdvHack v2.exe
kla.exe
AdvHack v3(NEW).exe
Wall + Aim Hack.exe
icq.exe
AdvHack v2.exe
CS 1.6 wallhack.exe
GC-11 wall+aim.exe
AdvHackv2.exe
Evlad-AM+WALL.exe
Soft EAC.exe
PR3T3ND V 2.0.exe
adv.exe
file-4165981_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R0C1C0EFA16.

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection
