SHA256: 54c196849f3138fa76eea10db3ae6cc14e27b9234bf4704e98ebf376b9a67ee2
File name: f0e4b2c0e73d20cc535834b0d7faa6c2.exe
Detection ratio: 12 / 46
Analysis date: 2013-01-10 15:45:19 UTC ( 4 years, 10 months ago )
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20130110
DrWeb Trojan.Packed.23728 20130110
ESET-NOD32 a variant of Win32/Kryptik.ARWM 20130110
Fortinet W32/Zbot.DHN!tr 20130110
Kaspersky HEUR:Trojan.Win32.Generic 20130110
Malwarebytes Trojan.Zbot 20130110
McAfee PWS-Zbot.gen.aua 20130110
Rising Trojan.Suuware!4DFA 20130110
Symantec Suspicious.Cloud 20130110
TrendMicro HS_RANSDIGI.SM 20130110
TrendMicro-HouseCall HS_RANSDIGI.SM 20130110
VIPRE Trojan-PWS.Win32.Zbot.aql (v) 20130110
Yandex 20130110
AntiVir 20130107
Antiy-AVL 20130110
Avast 20130110
AVG 20130110
BitDefender 20130110
ByteHero 20130109
CAT-QuickHeal 20130110
ClamAV 20130110
Commtouch 20130110
Comodo 20130110
Emsisoft 20130110
eSafe 20130110
F-Prot 20130110
F-Secure 20130110
GData 20130110
Ikarus 20130110
Jiangmin 20121221
K7AntiVirus 20130109
Kingsoft 20130107
McAfee-GW-Edition 20130110
Microsoft 20130110
eScan 20130110
NANO-Antivirus 20130110
Norman 20130109
nProtect 20130110
Panda 20130110
PCTools 20130110
Sophos AV 20130110
SUPERAntiSpyware 20130110
TheHacker 20130109
TotalDefense 20130108
VBA32 20130109
ViRobot 20130110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
(c) __________ __________. ___ _____ ________.

Publisher __________ __________
Product ____________ _______ Microsoft_ Windows_
Original name sndrec32.exe
Internal name soundrec.exe
File version 5.1.2600.5512 (xpsp.080413-0845)
Description ___________
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-10 14:31:32
Entry Point 0x00001CB0
Number of sections 6
PE sections
PE imports
RegOpenKeyA
GetLastError
HeapFree
CopyFileW
FileTimeToDosDateTime
VirtualAllocEx
QueryPerformanceCounter
HeapAlloc
GetModuleFileNameA
lstrcmpiW
GetCurrentProcess
FileTimeToLocalFileTime
GetCurrentProcessId
SetFilePointer
lstrlenW
UnhandledExceptionFilter
SetErrorMode
DeleteFileW
GetProcessHeap
lstrcpynW
GetModuleHandleA
lstrcpyW
CreateThread
ExpandEnvironmentStringsW
ReadFile
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
lstrcmpW
LocalFree
TerminateProcess
CreateFileW
SetCurrentDirectoryA
CreateProcessW
Sleep
FormatMessageA
GetTickCount
ExitProcess
GetCurrentThreadId
LocalAlloc
SetLastError
LoadCursorW
GetSysColor
LoadCursorA
LoadIconA
RegisterClassExA
__p__fmode
__wgetmainargs
_ftol
memset
fclose
_wcslwr
swprintf
_wfullpath
__winitenv
_cexit
_c_exit
floor
exit
_XcptFilter
__setusermatherr
wcsncpy
_adjust_fdiv
_except_handler3
__p__commode
_wsplitpath
_wfopen
fwprintf
_controlfp
wcsstr
_initterm
_exit
_ltow
__set_app_type
Number of PE resources by type
RT_ICON 9
RT_STRING 9
RT_DIALOG 4
RT_GROUP_ICON 3
RT_RCDATA 2
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
RUSSIAN 31
GERMAN SWISS 1
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
9.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
5.1.2600.5512

UninitializedDataSize
0

LanguageCode
Russian

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
160768

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
. .

FileVersion
5.1.2600.5512 (xpsp.080413-0845)

TimeStamp
2013:01:10 15:31:32+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
soundrec.exe

ProductVersion
5.1.2600.5512

FileDescription

OSVersion
5.0

OriginalFilename
sndrec32.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName

CodeSize
5120

ProductName
Microsoft Windows

ProductVersionNumber
5.1.2600.5512

EntryPoint
0x1cb0

ObjectFileType
Executable application

File identification
MD5 f0e4b2c0e73d20cc535834b0d7faa6c2
SHA1 cf2620384f69306133fe98c7f1fb69134a54097b
SHA256 54c196849f3138fa76eea10db3ae6cc14e27b9234bf4704e98ebf376b9a67ee2
ssdeep
3072:8xetHytSlLlbYl+kY4QidUDU8iXcoIEWpWfL:Rx+fl+k5QidUDU8o4EoWfL

File size 175.8 KB ( 179976 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
Tags
peexe

VirusTotal metadata
First submission 2013-01-10 14:55:35 UTC ( 4 years, 10 months ago )
Last submission 2013-02-26 07:33:12 UTC ( 4 years, 8 months ago )
File names HEUR.Trojan.Win32.Generic.bin
20aad25f-4d3fcb43.jar
sndrec32.exe
soundrec.exe
f0e4b2c0e73d20cc535834b0d7faa6c2.exe
vti-rescan