SHA256: 4b5116ef7c8194936073cd8e879611089998adecd58f19f26880927be245c79b
File name: 73234
Detection ratio: 3 / 55
Analysis date: 2016-01-15 17:36:21 UTC ( 3 years, 4 months ago )
Antivirus Result Update
DrWeb Trojan.MulDrop5.14689 20160115
K7AntiVirus Riskware ( 0040eff71 ) 20160115
K7GW Riskware ( 0040eff71 ) 20160115
Ad-Aware 20160115
AegisLab 20160115
Yandex 20160114
AhnLab-V3 20160115
Alibaba 20160115
ALYac 20160115
Antiy-AVL 20160115
Arcabit 20160115
Avast 20160115
AVG 20160115
Avira (no cloud) 20160115
AVware 20160111
Baidu-International 20160115
BitDefender 20160115
Bkav 20160115
ByteHero 20160115
CAT-QuickHeal 20160115
ClamAV 20160115
CMC 20160111
Comodo 20160115
Cyren 20160115
Emsisoft 20160115
ESET-NOD32 20160115
F-Prot 20160115
F-Secure 20160115
Fortinet 20160115
GData 20160115
Ikarus 20160115
Jiangmin 20160115
Kaspersky 20160115
Malwarebytes 20160115
McAfee 20160115
McAfee-GW-Edition 20160115
Microsoft 20160115
eScan 20160115
NANO-Antivirus 20160115
nProtect 20160115
Panda 20160115
Qihoo-360 20160115
Rising 20160115
Sophos AV 20160115
SUPERAntiSpyware 20160115
Symantec 20160115
TheHacker 20160114
TotalDefense 20160115
TrendMicro 20160115
TrendMicro-HouseCall 20160115
VBA32 20160115
VIPRE 20160115
ViRobot 20160115
Zillya 20160114
Zoner 20160115
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-08 18:20:03
Entry Point 0x00006293
Number of sections 4
PE sections
Overlays
MD5 c26f5492d83d479b395ea0e97fa22958
File type data
Offset 143360
Size 4505631
Entropy 7.97
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
GetConsoleCP
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellExecuteA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
RUSSIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:03:08 19:20:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x6293
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Execution parents
File identification
MD5 cb3c5f4571537884490d9f9b225f46fb
SHA1 359c55871a0c4e8726b44708eb2f1e48109ed9a2
SHA256 4b5116ef7c8194936073cd8e879611089998adecd58f19f26880927be245c79b
ssdeep 98304:jUk9LIGXGHzSSfQUL8Qjo2Qy48YXjDmqlENJOiIZQws2wBUe6chZtb7V:ftW4UvCF5+J6QFbHtb7V
authentihash 1db126b22a074226fdd795d00dca4413f2a0b586407b60e4d15cdb762f243273
imphash bbaa6df883da7768c895ff451a9e3564
File size 4.4 MB ( 4648991 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2012-02-25 04:19:08 UTC ( 7 years, 3 months ago )
Last submission 2018-05-23 01:06:24 UTC ( 1 year ago )
File names output.109541934.txt
aa
VirusShare_cb3c5f4571537884490d9f9b225f46fb
9ONNSmZ9.sys
73234
screensaver_christmas_time.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight