× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 4b6fb7c55fff6ec5736506c2ae0bcd73a16245cf660baa616a4ef2d2d27a3c1a
File name: Texter Installer 0.6.exe
Detection ratio: 1 / 66
Analysis date: 2018-08-07 17:38:59 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Jiangmin Trojan.Antavmu.beu 20180807
Ad-Aware 20180807
AegisLab 20180807
AhnLab-V3 20180807
Alibaba 20180713
ALYac 20180807
Antiy-AVL 20180807
Arcabit 20180807
Avast 20180807
Avast-Mobile 20180807
AVG 20180807
Avira (no cloud) 20180807
AVware 20180727
Babable 20180725
Baidu 20180807
BitDefender 20180807
Bkav 20180807
CAT-QuickHeal 20180807
ClamAV 20180807
CMC 20180807
Comodo 20180807
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180807
Cyren 20180807
DrWeb 20180807
eGambit 20180807
Emsisoft 20180807
Endgame 20180730
ESET-NOD32 20180807
F-Prot 20180807
F-Secure 20180807
Fortinet 20180807
GData 20180807
Ikarus 20180807
Sophos ML 20180717
K7AntiVirus 20180807
K7GW 20180807
Kaspersky 20180807
Kingsoft 20180807
Malwarebytes 20180807
MAX 20180807
McAfee 20180807
McAfee-GW-Edition 20180807
Microsoft 20180807
eScan 20180807
NANO-Antivirus 20180807
Palo Alto Networks (Known Signatures) 20180807
Panda 20180807
Qihoo-360 20180807
Rising 20180807
SentinelOne (Static ML) 20180701
Sophos AV 20180807
SUPERAntiSpyware 20180807
Symantec 20180807
Symantec Mobile Insight 20180801
TACHYON 20180807
Tencent 20180807
TheHacker 20180807
TrendMicro 20180807
TrendMicro-HouseCall 20180807
Trustlook 20180807
VBA32 20180806
VIPRE 20180807
ViRobot 20180807
Webroot 20180807
Yandex 20180805
ZoneAlarm by Check Point 20180807
Zoner 20180806
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1, 0, 46, 05
Packers identified
F-PROT AutoIt, UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-01-04 17:09:51
Entry Point 0x00075480
Number of sections 3
PE sections
Overlays
MD5 8b6ae28ed13ca463c7eb9b27fb1cbcda
File type data
Offset 245248
Size 359215
Entropy 8.00
PE imports
RegCloseKey
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
OleLoadPicture
DragFinish
VerQueryValueA
mixerOpen
WSACleanup
GetOpenFileNameA
CoInitialize
Number of PE resources by type
RT_ICON 10
RT_GROUP_ICON 7
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 22
PE resources
ExifTool file metadata
UninitializedDataSize
270336

LinkerVersion
7.1

ImageVersion
0.0

FileVersionNumber
1.0.46.5

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Unicode

InitializedDataSize
40960

EntryPoint
0x75480

MIMEType
application/octet-stream

FileVersion
1, 0, 46, 05

TimeStamp
2007:01:04 18:09:51+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
1, 0, 46, 05

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
208896

FileSubtype
0

ProductVersionNumber
1.0.46.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 dd78e1f84a4be3ad635bc4cd34529754
SHA1 bcb68e87618e74355281a299c9114aa05973fb17
SHA256 4b6fb7c55fff6ec5736506c2ae0bcd73a16245cf660baa616a4ef2d2d27a3c1a
ssdeep
12288:zOF3k/KxAYIRCD9jb4yKyfznwSAUwdaFRlHj1fupZQHt:zOW/BRs9jhKyLopOuYt

authentihash 36c9cc908ed472d48b39cee38030ca916f637ce2a37fc9e5a2a79bc6fe67b3fd
imphash 0999a26b575dfc90d79c90c14fd5ba55
File size 590.3 KB ( 604463 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags
peexe via-tor upx overlay

VirusTotal metadata
First submission 2008-01-22 12:07:58 UTC ( 11 years, 3 months ago )
Last submission 2018-07-03 10:34:03 UTC ( 10 months, 2 weeks ago )
File names texter-installer-0.6.exe
vti-rescan
texter-0.6.exe
dd78e1f84a4be3ad635bc4cd34529754
dd78e1f84a4be3ad635bc4cd34529754.exes
vsb41n5t.1ot
Texter.exe
Texter for windows.exe
Texter-Installer-..exe
4b6fb7c55fff6ec5736506c2ae0bcd73a16245cf660baa616a4ef2d2d27a3c1a.exe
0ab5d10ebd348d03c4f5e4b20306a20e7a634c5d1d2eaad6890a3807037ab58b8deb0e9435e631bf7f44b3bb50281b2cf97907ec19bc1eac4d479e89583eeb08
Texter-Installer-0.6.exe
file-3009292_exe
Texter-Installer-0.6.exe
bcb68e87618e74355281a299c9114aa05973fb17
Texter%20Installer%200.6.exe
bcb68e87618e74355281a299c9114aa05973fb17.bin
Texter-Installer-0.6.exe
octet-stream
Texter Installer 0.6.exe
Texter%20Installer%200.6.exe
Texter_Installer_0.6.exe
smona131073925230210870182
file-8138_exe
vs861n3o.vts
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!