SHA256: 4bcd439dfdc9c6a1292ad71f41d8dd907fc8b87baa25138771bf233b75188ec2
File name: executable.2024.exe
Detection ratio: 2 / 47
Analysis date: 2014-06-28 21:19:02 UTC ( 3 years, 4 months ago )
Antivirus Result Update
AntiVir TR/Patched.Gen 20140628
CAT-QuickHeal (Suspicious) - DNAScan 20140628
Ad-Aware 20140628
AegisLab 20140628
Yandex 20140628
AhnLab-V3 20140628
Antiy-AVL 20140628
Avast 20140628
AVG 20140628
Baidu-International 20140628
BitDefender 20140628
Bkav 20140625
ByteHero 20140628
ClamAV 20140628
CMC 20140627
Commtouch 20140628
Comodo 20140628
DrWeb 20140628
ESET-NOD32 20140628
F-Prot 20140628
F-Secure 20140628
Fortinet 20140628
GData 20140628
Ikarus 20140628
Jiangmin 20140628
K7AntiVirus 20140627
K7GW 20140627
Kaspersky 20140628
McAfee 20140628
McAfee-GW-Edition 20140628
Microsoft 20140628
NANO-Antivirus 20140628
Norman 20140628
nProtect 20140627
Qihoo-360 20140628
Rising 20140623
Sophos AV 20140628
SUPERAntiSpyware 20140628
Tencent 20140628
TheHacker 20140624
TotalDefense 20140628
TrendMicro 20140628
TrendMicro-HouseCall 20140628
VIPRE 20140628
ViRobot 20140628
Zillya 20140627
Zoner 20140626
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name wuauclt.exe
Internal name wuauclt.exe
File version 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)
Description Automatic Updates
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-08-04 06:00:27
Entry Point 0x0000BAD5
Number of sections 3
PE sections
PE imports
SetSecurityDescriptorDacl
RevertToSelf
RegCloseKey
OpenProcessToken
GetUserNameW
IsValidSid
FreeSid
CopySid
RegOpenKeyExW
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenThreadToken
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegQueryValueExW
GetLengthSid
InitiateSystemShutdownExW
ImpersonateSelf
RegOpenKeyW
Ord(30)
Ord(16)
Ord(21)
InitCommonControlsEx
CertGetCertificateContextProperty
CryptHashPublicKeyInfo
GetTextMetricsW
DeleteDC
CreateFontIndirectW
SetBkMode
GetStockObject
GetObjectW
SelectObject
CreateCompatibleDC
DeleteObject
SetTextColor
GetUserDefaultUILanguage
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
ReleaseMutex
LoadResource
FileTimeToSystemTime
WaitForSingleObject
GetVersionExW
FreeLibrary
QueryPerformanceCounter
CompareStringW
GetTickCount
FindResourceExW
FlushFileBuffers
GetFileAttributesW
lstrlenW
SystemTimeToTzSpecificLocalTime
VerSetConditionMask
HeapAlloc
GetCurrentProcess
SystemTimeToFileTime
CompareFileTime
GetCurrentProcessId
GetSystemWindowsDirectoryW
LockResource
SetFilePointer
GetCommandLineW
WideCharToMultiByte
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
VerifyVersionInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
CreateThread
MapViewOfFile
GetModuleHandleA
GetSystemDirectoryW
ReadFile
SetUnhandledExceptionFilter
WriteFile
CreateMutexW
CloseHandle
GetSystemTimeAsFileTime
DuplicateHandle
HeapReAlloc
GetModuleHandleW
ExpandEnvironmentStringsW
SetEvent
TerminateProcess
CreateEventW
GetTimeZoneInformation
UnmapViewOfFile
OpenEventW
CreateFileW
InterlockedDecrement
Sleep
GetCurrentThread
SetEndOfFile
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
GetFileSize
SetLastError
InterlockedIncrement
GradientFill
SystemTimeToVariantTime
Shell_NotifyIconW
StrChrW
PathIsRootW
StrRChrW
PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathIsRelativeW
SetFocus
DrawEdge
DrawAnimatedRects
GetClassInfoExW
EnableWindow
DestroyWindow
DefWindowProcW
FindWindowW
DispatchMessageW
KillTimer
PostQuitMessage
ShowWindow
SetWindowPos
GetParent
GetSystemMetrics
SetWindowLongW
PeekMessageW
GetWindowRect
RegisterClassExW
SetCapture
ReleaseCapture
MapWindowPoints
SendDlgItemMessageW
FindWindowExW
GetSysColor
SendMessageW
CheckDlgButton
GetDC
GetWindowLongW
CreateDialogParamW
ReleaseDC
BeginPaint
DestroyIcon
TranslateMessage
DrawIconEx
IsWindowVisible
LoadStringW
SetWindowTextW
GetDlgItem
SystemParametersInfoW
GetDlgItemTextW
EnableMenuItem
ScreenToClient
SetRect
CharNextW
InvalidateRect
DrawFocusRect
SetTimer
LoadImageW
GetWindowTextLengthW
IsDialogMessageW
FillRect
IsDlgButtonChecked
GetClientRect
GetWindowTextW
SetDlgItemTextW
LoadCursorW
GetSystemMenu
GetFocus
CreateWindowExW
MsgWaitForMultipleObjects
EndPaint
SetForegroundWindow
DrawTextW
PtInRect
ExitWindowsEx
SetCursor
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
_purecall
__wgetmainargs
__p__fmode
_ftol
__dllonexit
_vsnwprintf
_except_handler3
_c_exit
??2@YAPAXI@Z
_onexit
wcslen
exit
_XcptFilter
__setusermatherr
__p__commode
_wcmdln
_cexit
_exit
_adjust_fdiv
??3@YAXPAX@Z
_wtol
memmove
wcsstr
_initterm
_controlfp
_wtoi
__set_app_type
CoInitializeEx
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
StringFromCLSID
CoTaskMemFree
Ord(4)
Ord(3)
Ord(2)
Ord(1)
Number of PE resources by type
RT_ICON 9
RT_DIALOG 5
RT_STRING 5
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 5.1
FileSubtype 0
FileVersionNumber 5.4.3790.2180
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 36864
EntryPoint 0xbad5
OriginalFileName wuauclt.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)
TimeStamp 2004:08:04 07:00:27+01:00
FileType Win32 EXE
PEType PE32
InternalName wuauclt.exe
ProductVersion 5.4.3790.2180
FileDescription Automatic Updates
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 75264
ProductName Microsoft Windows Operating System
ProductVersionNumber 5.4.3790.2180
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 4fcea83be5ab4a189585f59d4b5b0c48
SHA1 41d07ee8b4246764af2294e3194f3cfaee60b4cb
SHA256 4bcd439dfdc9c6a1292ad71f41d8dd907fc8b87baa25138771bf233b75188ec2
ssdeep 1536:Duk3BgwUsyAB+4vIxZ1QcH+mPFypX5VsHQu:DukRgw5yA+XZ1QcekyBbsHQu
authentihash bb4ebea5a1f1b674d7d33ab6476642e7c5b99e03ee61d635bda97ab3631ba190
imphash 87f60dacc32b2ab1e388c26e1b6dbf0d
File size 120.0 KB ( 122880 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe
VirusTotal metadata
First submission 2014-06-28 21:19:02 UTC ( 3 years, 4 months ago )
Last submission 2015-12-27 21:06:25 UTC ( 1 year, 10 months ago )
File names executable.2024.exe
4bcd439dfdc9c6a1292ad71f41d8dd907fc8b87baa25138771bf233b75188ec2.vir
wuauclt.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.