SHA256: 532bd85487ce3c16654d21c6425f6f728430d50e47e802b332ea82ae0511adca
File name: d64d0cb0bb34fe900058b5fa5f9fc40b1feafd6d
Detection ratio: 3 / 53
Analysis date: 2015-12-13 00:26:17 UTC
Antivirus Result Update
Avast Win32:Malware-gen 20151213
ESET-NOD32 Win32/TrojanDownloader.Agent.BXE 20151212
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151213
Ad-Aware 20151213
AegisLab 20151212
Yandex 20151212
AhnLab-V3 20151212
Alibaba 20151208
Antiy-AVL 20151213
Arcabit 20151213
AVG 20151213
Avira (no cloud) 20151212
AVware 20151212
Baidu-International 20151212
BitDefender 20151213
Bkav 20151212
ByteHero 20151213
CAT-QuickHeal 20151212
ClamAV 20151213
CMC 20151211
Comodo 20151209
Cyren 20151212
DrWeb 20151213
Emsisoft 20151213
F-Prot 20151213
F-Secure 20151211
Fortinet 20151213
GData 20151213
Ikarus 20151212
Jiangmin 20151212
K7AntiVirus 20151212
K7GW 20151212
Kaspersky 20151212
Malwarebytes 20151212
McAfee 20151213
McAfee-GW-Edition 20151212
Microsoft 20151213
eScan 20151213
NANO-Antivirus 20151212
nProtect 20151211
Panda 20151212
Rising 20151212
SUPERAntiSpyware 20151212
Symantec 20151212
TheHacker 20151211
TotalDefense 20151212
TrendMicro 20151213
TrendMicro-HouseCall 20151212
VBA32 20151211
VIPRE 20151212
ViRobot 20151212
Zillya 20151211
Zoner 20151212
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Tim Kosse Copyright
Product Detect Leap
Description Confederates Onion Unetbootin
Comments Confederates Onion Unetbootin
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-10 17:33:15
Entry Point 0x00004650
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
IsValidAcl
RegCloseKey
DeregisterEventSource
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeSecurityDescriptor
InitializeAcl
IsValidSid
RegisterEventSourceA
GetLengthSid
ReportEventA
IsValidSecurityDescriptor
AVIStreamGetFrameOpen
AVIStreamGetFrame
AVIStreamGetFrameClose
Ord(17)
ImageList_ReplaceIcon
SetMapMode
CreateFontIndirectA
CombineRgn
SetStretchBltMode
GetPixel
GetDeviceCaps
CreateDCA
LineTo
DeleteDC
SetBkMode
CreateSolidBrush
BitBlt
RealizePalette
SetTextColor
GetObjectA
FillRgn
FrameRgn
MoveToEx
GetStockObject
CreateDIBitmap
SelectPalette
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetROP2
CreateRectRgn
SelectObject
GetTextExtentPoint32A
SetWindowOrgEx
DeleteObject
CreateCompatibleBitmap
GetTcpTable
SetThreadLocale
GetStdHandle
GetConsoleOutputCP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
LoadResource
InterlockedDecrement
SetLastError
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GlobalAddAtomA
SetUnhandledExceptionFilter
TerminateProcess
WriteConsoleA
GlobalAlloc
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GlobalDeleteAtom
GetProcAddress
lstrcpyA
GlobalLock
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GetEnvironmentStrings
GetCurrentProcessId
LockResource
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
EnumSystemCodePagesW
TlsFree
SetFilePointer
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
FreeResource
SizeofResource
IsValidCodePage
HeapCreate
VirtualFree
Sleep
FindResourceA
VirtualAlloc
GetRoleTextA
SHGetFileInfoA
CommandLineToArgvW
Shell_NotifyIconA
EmptyClipboard
ReleaseDC
PostMessageA
EndDialog
BeginPaint
CreateIconIndirect
DestroyMenu
PostQuitMessage
DefWindowProcA
CreatePopupMenu
MessageBeep
LoadBitmapA
GetClipboardData
FreeDDElParam
GetSystemMetrics
AppendMenuA
GetWindowRect
EndPaint
SetCapture
ReleaseCapture
GetDlgItemTextA
CallWindowProcA
MessageBoxA
GetWindowDC
DialogBoxParamA
ActivateKeyboardLayout
GetDC
InsertMenuItemA
GetCursorPos
DrawTextA
GetIconInfo
DestroyIcon
SetClipboardData
DrawIconEx
SendMessageA
GetClientRect
UnpackDDElParam
GetDlgItem
PackDDElParam
EnableMenuItem
ClientToScreen
InvalidateRect
wsprintfA
IsClipboardFormatAvailable
OpenClipboard
LoadCursorA
LoadIconA
TrackPopupMenu
FillRect
IsDlgButtonChecked
CopyRect
GetDesktopWindow
LockWindowUpdate
RealChildWindowFromPoint
CloseClipboard
SetCursor
DestroyWindow
mciSendCommandA
mciGetErrorStringA
WSAStartup
WSAEnumProtocolsA
WSAGetLastError
WSACleanup
Number of PE resources by type
RT_ICON 17
PNG 2
LANG 1
RT_MANIFEST 1
RT_RCDATA 1
TXT 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 25
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
Comments Confederates Onion Unetbootin
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.2.34.6
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 125952
PrivateBuild 2.2.34.6
EntryPoint 0x4650
MIMEType application/octet-stream
LegalCopyright Tim Kosse Copyright
TimeStamp 2015:12:10 18:33:15+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
ProductVersion 2.2.34.6
FileDescription Confederates Onion Unetbootin
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Tim Kosse
CodeSize 168960
ProductName Detect Leap
ProductVersionNumber 2.2.34.6
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 58aeefd4700af5cb1db1f5603025a5ec
SHA1 d64d0cb0bb34fe900058b5fa5f9fc40b1feafd6d
SHA256 532bd85487ce3c16654d21c6425f6f728430d50e47e802b332ea82ae0511adca
ssdeep 6144:PUvnITq1X/ZSP8Dc19q0ySbi/lusqDoIyoc/+Q:cf8jGcvqhSbi/jqvNg
authentihash 90f3bb51141dd23ec86d4c18960a1df3a6e5e3e6fb1088c30cb9e8654ce76097
imphash 6b5f11329ddb4b06fc111de3a550bb86
File size 289.0 KB ( 295936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-13 00:26:17 UTC
Last submission 2016-01-12 15:15:45 UTC
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs