| SHA256: | 4b9c642e42b405eb5ec6af776c1a1fb432a8223813fa7c1763a03023dbc17e26 |
| File name: | 31DCBE32B0D9BDEB33F12C00EDA91900368279DD.exe |
| Detection ratio: | 4 / 43 |
| Analysis date: | 2010-10-27 07:16:53 UTC ( 8 years, 2 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Authentium | W32/Pws.BQZG | 20101027 |
| F-Prot | W32/Pws.BQZG | 20101026 |
| K7AntiVirus | Password-Stealer | 20101026 |
| Prevx | Medium Risk Malware | 20101027 |
| AhnLab-V3 | 20101027 | |
| AntiVir | 20101026 | |
| Antiy-AVL | 20101027 | |
| Avast | 20101026 | |
| Avast5 | 20101026 | |
| AVG | 20101026 | |
| BitDefender | 20101027 | |
| CAT-QuickHeal | 20101026 | |
| ClamAV | 20101027 | |
| Comodo | 20101027 | |
| DrWeb | 20101027 | |
| Emsisoft | 20101027 | |
| eSafe | 20101026 | |
| eTrust-Vet | 20101026 | |
| F-Secure | 20101027 | |
| Fortinet | 20101027 | |
| GData | 20101027 | |
| Ikarus | 20101027 | |
| Jiangmin | 20101027 | |
| Kaspersky | 20101027 | |
| McAfee | 20101027 | |
| McAfee-GW-Edition | 20101026 | |
| Microsoft | 20101027 | |
| NOD32 | 20101027 | |
| Norman | 20101026 | |
| nProtect | 20101026 | |
| Panda | 20101027 | |
| PCTools | 20101027 | |
| Rising | 20101027 | |
| Sophos AV | 20101027 | |
| Sunbelt | 20101027 | |
| SUPERAntiSpyware | 20101027 | |
| Symantec | 20101027 | |
| TheHacker | 20101027 | |
| TrendMicro | 20101027 | |
| TrendMicro-HouseCall | 20101027 | |
| VBA32 | 20101025 | |
| ViRobot | 20101027 | |
| VirusBuster | 20101026 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
Packers identified
F-PROT RAR, UTF-8
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-29 15:29:18
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 81a5de82757db388d8f632e77221979c
File type application/x-rar
Offset 180736
Size 2716080
Entropy 8.00
PE imports
Number of PE resources by type
RT_DIALOG 6
RT_STRING 4
RT_RCDATA 1
RT_MANIFEST 1
RT_ICON 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 11
NEUTRAL DEFAULT 3
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
FileTypeExtension
exe
TimeStamp
2008:06:29 16:29:18+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
81920
LinkerVersion
5.0
ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint
0x1000
InitializedDataSize
98816
SubsystemVersion
4.0
ImageVersion
0.0
OSVersion
4.0
UninitializedDataSize
0
File identification
MD5 1a4bea404fba12c54a89520644dd2736
SHA1 809ddf6a8be97e0b02c714e930a850e19eeb1b60
SHA256 4b9c642e42b405eb5ec6af776c1a1fb432a8223813fa7c1763a03023dbc17e26
ssdeep
49152:AWVCAYINsZYdLdldkRoqDxLX2GhHlrmZiQti+vaBfJydJyrql92d/R:txNQ0dlSR1j2Gllr2Myat4dJyrql0
File size
2.8 MB ( 2896816 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
WinRAR Self Extracting archive (4.x-5.x) (59.8%) WinRAR Self Extracting archive (37.9%) Windows screen saver (0.9%) Win32 Dynamic Link Library (generic) (0.4%) Win32 Executable (generic) (0.3%) |
Tags
peexe
overlay
VirusTotal metadata
First submission
2009-04-02 19:45:48 UTC ( 9 years, 9 months ago )
Last submission
2016-05-25 15:04:24 UTC ( 2 years, 7 months ago )
| File names |
dynamic_fire_2_alpha_1.2.exe |
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the
behaviour of the file when executed in a controlled environment. The actions
and events described were either performed by the file itself or by any other
process launched by the executed file or subjected to code injection by the
executed file.