SHA256: 4cd2e550f3aa26fc96d9fb4b5183f3665fccc3d97b6111a31de2ffb41e4eb5fe
File name: EC1EBB410026E2C8F0FF0155C352F7001C00533B.exe
Detection ratio: 6 / 41
Analysis date: 2009-09-30 11:10:34 UTC ( 4 years, 9 months ago )
Antivirus Result Update
Comodo Heur.Packed.Unknown 20090929
McAfee+Artemis Artemis!16CD89320E2F 20090929
Panda Suspicious file 20090930
Prevx Medium Risk Malware Dropper 20090930
Rising Packer.Win32.Mian007.a 20090930
eSafe Suspicious File 20090929
AVG 20090930
AhnLab-V3 20090929
AntiVir 20090930
Antiy-AVL 20090930
Authentium 20090930
Avast 20090929
BitDefender 20090930
CAT-QuickHeal 20090930
ClamAV 20090930
DrWeb 20090930
F-Prot 20090930
F-Secure 20090930
Fortinet 20090930
GData 20090930
Ikarus 20090930
Jiangmin 20090927
K7AntiVirus 20090929
Kaspersky 20090930
McAfee 20090929
McAfee-GW-Edition 20090930
Microsoft 20090923
NOD32 20090930
Norman 20090929
PCTools 20090929
Sophos 20090930
Sunbelt 20090930
Symantec 20090930
TheHacker 20090930
TrendMicro 20090930
VBA32 20090929
ViRobot 20090930
VirusBuster 20090929
a-squared 20090930
eTrust-Vet 20090929
nProtect 20090930
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-11-03 03:02:41
Link date 4:02 AM 11/3/2003
Entry Point 0x0000122F
Number of sections 6
PE sections
PE imports
ImageList_SetBkColor
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_GetDragImage
WNetGetConnectionW
WNetGetConnectionA
WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumA
calloc
localtime
_wtoi
__dllonexit
_errno
SetWindowRgn
GetScrollRange
EqualRect
GetCapture
EnableScrollBar
RegisterWindowMessageA
CreatePopupMenu
LockWindowUpdate
EnumChildWindows
UnregisterHotKey
MessageBoxA
AppendMenuW
GetWindowDC
DestroyCursor
ScrollDC
PostMessageW
CharPrevW
CopyImage
GetIconInfo
GetQueueStatus
InsertMenuA
wsprintfA
FindWindowExA
LoadCursorA
CallWindowProcA
SetScrollInfo
GetWindowTextA
IsDialogMessageA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
WSAStartup
strrchr
_fileno
_fpreset
free
memcpy
MCIWndCreateA
DoDragDrop
StringFromCLSID
CoTaskMemFree
OleSetClipboard
ProgIDFromCLSID
waveOutPrepareHeader
mmioRead
timeSetEvent
sndPlaySoundA
waveInUnprepareHeader
EnumPrintersA
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 1
NEUTRAL 1
NEUTRAL SYS DEFAULT 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2003:11:03 04:02:41+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3584
LinkerVersion 5.52
FileAccessDate 2014:06:07 08:59:47+01:00
EntryPoint 0x122f
InitializedDataSize 115712
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:07 08:59:47+01:00
UninitializedDataSize 0

File identification
MD5 16cd89320e2f7772df5b9495806ffe00
SHA1 4e58a12a9f722be0712517a0475fda60a8e94fdc
SHA256 4cd2e550f3aa26fc96d9fb4b5183f3665fccc3d97b6111a31de2ffb41e4eb5fe
ssdeep 3072:QFVh+/cCpy17YSzZzEFjZOGUUyiQ9LYLa8LH6VYA3ek:QMFpxSlUjZvULj90aKHm7
imphash 8aef34a681497fee16259bbb47c301aa
File size 124.0 KB ( 126976 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2009-09-30 10:11:55 UTC ( 4 years, 9 months ago )
Last submission 2014-06-07 07:59:22 UTC ( 1 month ago )
File names 16cd89320e2f7772df5b9495806ffe00
Behaviour characterization