SHA256: 4d7cb85d512b0859bd10a106589a8d3f30e59d1cc8b65581603a5c0792df13e6
File name: MMS_Message.bmp.exe
Detection ratio: 8 / 46
Analysis date: 2013-05-15 18:33:53 UTC ( 11 months, 1 week ago )
Antivirus Result Update
Fortinet W32/Kryptik.AX!tr 20130514
Kaspersky UDS:DangerousObject.Multi.Generic 20130514
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.C!81 20130514
Panda Suspicious file 20130513
Sophos Mal/Generic-S 20130514
Symantec WS.Reputation.1 20130514
TheHacker Posible_Worm32 20130513
eSafe Suspicious File 20130513
AVG 20130514
Agnitum 20130513
AhnLab-V3 20130513
AntiVir 20130514
Antiy-AVL 20130513
Avast 20130514
BitDefender 20130514
ByteHero 20130514
CAT-QuickHeal 20130514
ClamAV 20130514
Commtouch 20130514
Comodo 20130514
DrWeb 20130514
ESET-NOD32 20130513
Emsisoft 20130514
F-Prot 20130514
F-Secure 20130514
GData 20130514
Ikarus 20130514
Jiangmin 20130514
K7AntiVirus 20130513
K7GW 20130513
Kingsoft 20130506
Malwarebytes 20130514
McAfee 20130514
MicroWorld-eScan 20130514
Microsoft 20130514
NANO-Antivirus 20130514
Norman 20130513
PCTools 20130514
SUPERAntiSpyware 20130514
TotalDefense 20130513
TrendMicro 20130514
TrendMicro-HouseCall 20130514
VBA32 20130513
VIPRE 20130514
ViRobot 20130514
nProtect 20130514
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Fop 1995 2007
Publisher I%x>
Product Vibes Porn Soap Kurt
Original name Bolt.exe
Internal name Psi Circe Shrew Barton Ibid Awn
Description Gysiv
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-03 12:33:04
Link date 1:33 PM 11/3/2004
Entry Point 0x000C32C0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
Shell_NotifyIconA
EndDialog
Number of PE resources by type
RT_DLGINCLUDE 16
RT_ICON 14
RT_DIALOG 11
RT_VERSION 1
Number of PE resources by language
DUTCH 42
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 5.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.10.0.0
UninitializedDataSize 729088
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4096
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Fop 1995 2007
TimeStamp 2004:11:03 13:33:04+01:00
FileType Win32 EXE
PEType PE32
InternalName Psi Circe Shrew Barton Ibid Awn
FileAccessDate 2014:03:06 11:20:32+01:00
ProductVersion 2 10 659
FileDescription Gysiv
OSVersion 4.0
FileCreateDate 2014:03:06 11:20:32+01:00
OriginalFilename Bolt.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName I%x>
CodeSize 69632
ProductName Vibes Porn Soap Kurt
ProductVersionNumber 2.10.0.0
EntryPoint 0xc32c0
ObjectFileType Executable application
Compressed bundles
File identification
MD5 d55f732cc41eaadca1c58b4c3d07e431
SHA1 eef0297252e1fef81154d09f7310bbb8ee4559fd
SHA256 4d7cb85d512b0859bd10a106589a8d3f30e59d1cc8b65581603a5c0792df13e6
ssdeep 1536:+KMkXI8QLMGGtGrN17uOtO0I33j3wU1KVhHl0qbR3YFR34bDDGVvA:+KfXI8ztKNtte33jgU1KV5Cqbd0oDGV
imphash cf50b9e410643ce5cb6e0b0b8f5e0e7b
File size 70.0 KB ( 71680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-05-15 10:25:36 UTC ( 11 months, 1 week ago )
Last submission 2013-05-16 16:12:24 UTC ( 11 months, 1 week ago )
File names MMS_Message.bmp.exe
MMS_Message 88740922.bmp.exe
Bolt.exe
Psi Circe Shrew Barton Ibid Awn
file-5492010_exe
d55f732cc41eaadca1c58b4c3d07e431.bin
MMS_Message 88740922.bmp.exe
MMS_Message_88740922.bmp.exe
vx
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight