SHA256: 54c32a8994ee8f78591e27331a47dd12553d1c8b64b820eddbcb51119fe67f7c
File name: vt-upload-c_WXY
Detection ratio: 38 / 50
Analysis date: 2014-03-01 23:16:59 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Ranapama.A 20140302
Yandex TrojanSpy.Zbot!G+gYOQL3JXk 20140228
AhnLab-V3 Spyware/Win32.Zbot 20140301
AntiVir TR/Ranapama.A 20140301
Antiy-AVL Trojan/Win32.SGeneric 20140301
Avast Win32:Injector-BQJ [Trj] 20140301
AVG Inject2.SNE 20140301
BitDefender Trojan.Ranapama.A 20140302
Bkav HW32.CDB.5fc3 20140228
Comodo TrojWare.Win32.Carberp.AV 20140301
DrWeb Trojan.PWS.Panda.2401 20140301
Emsisoft Trojan.Ranapama.A (B) 20140301
ESET-NOD32 a variant of Win32/Injector.AXPJ 20140301
F-Secure Trojan.Ranapama.A 20140301
Fortinet W32/Injector.AXKT!tr 20140301
GData Trojan.Ranapama.A 20140301
Jiangmin TrojanSpy.Zbot.gzne 20140301
K7AntiVirus Trojan ( 004952c31 ) 20140301
K7GW Trojan ( 004952c31 ) 20140301
Kaspersky Trojan-Spy.Win32.Zbot.rmop 20140301
Kingsoft Win32.Troj.Zbot.rm.(kcloud) 20140302
Malwarebytes Trojan.Zbot 20140301
McAfee Generic-FAOP!5624699DA0CA 20140301
McAfee-GW-Edition Generic-FAOP!5624699DA0CA 20140301
Microsoft PWS:Win32/Zbot 20140302
eScan Trojan.Ranapama.A 20140302
NANO-Antivirus Trojan.Win32.Zbot.ctptgx 20140301
nProtect Trojan.Ranapama.A 20140228
Panda Generic Malware 20140301
Qihoo-360 HEUR/Malware.QVM10.Gen 20140302
Sophos AV Troj/Wonton-P 20140301
SUPERAntiSpyware Trojan.Agent/Gen-Injector 20140301
Symantec Backdoor.Trojan 20140301
TheHacker Trojan/Injector.axkt 20140228
TrendMicro TROJ_FORUCON.BMC 20140301
TrendMicro-HouseCall TROJ_FORUCON.BMC 20140301
VBA32 SScope.Worm.Ngrbot.2414 20140228
VIPRE Trojan.Win32.Generic!BT 20140301
Baidu-International 20140301
ByteHero 20140302
CAT-QuickHeal 20140301
ClamAV 20140301
CMC 20140228
Commtouch 20140301
F-Prot 20140302
Ikarus 20140301
Norman 20140301
Rising 20140301
TotalDefense 20140301
ViRobot 20140301
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher Intel Pentium 4
Product Intel corporation Pentium 4
Original name intel.exe
File version 7.0.0.3
Description Intel corporation Pentium 4
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-11 01:56:58
Entry Point 0x000036A1
Number of sections 3
PE sections
PE imports
CreateCompatibleDC
CreateColorSpaceW
Arc
CombineRgn
CloseFigure
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
FillConsoleOutputCharacterW
RtlUnwind
GetModuleFileNameA
GetStdHandle
IsProcessorFeaturePresent
GetCommandLineA
DeleteCriticalSection
GetCurrentProcess
GetStartupInfoW
GetConsoleMode
DecodePointer
GetCurrentProcessId
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
WriteProfileSectionW
GetProcAddress
AddAtomW
EncodePointer
GetFileType
SetStdHandle
CompareStringW
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
SetUnhandledExceptionFilter
GetTempPathW
CloseHandle
GetTempFileNameA
GetComputerNameA
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
WriteFile
CreateFileW
InterlockedDecrement
Sleep
SetLastError
TlsSetValue
GetTickCount
GetCurrentThreadId
InterlockedIncrement
ExitProcess
WriteConsoleW
LeaveCriticalSection
glMateriali
glColor4iv
glEvalCoord2fv
wglRealizeLayerPalette
glFinish
wglUseFontBitmapsA
glIndexs
glNormal3b
ExtractIconExA
DoEnvironmentSubstA
ExtractAssociatedIconW
ExtractIconExW
ShellExecuteExW
ExtractIconW
SetFocus
SetWindowWord
DefFrameProcW
UpdateWindow
CloseDesktop
DdeConnect
GetKeyboardLayoutList
GetAsyncKeyState
GetWindowInfo
PostMessageW
FrameRect
mmioSeek
joyGetDevCapsA
PlaySoundA
waveOutGetDevCapsA
mixerClose
SymGetLineNext
SymGetModuleInfoW64
SymMatchString
ImageRvaToSection
SymGetLinePrev
SymLoadModuleEx
CoGetInstanceFromFile
StringFromCLSID
GetClassFile
CoBuildVersion
OleDestroyMenuDescriptor
FindMediaType
GetClassFileOrMime
CoInternetGetProtocolFlags
HlinkGoForward
Number of PE resources by type
RT_DIALOG 43
RT_BITMAP 27
RT_HTML 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 72
RUSSIAN 1
SPANISH HONDURAS 1
PE resources
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.0.0.3
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 241664
FileOS Win32
MIMEType application/octet-stream
FileVersion 7.0.0.3
TimeStamp 2014:02:11 02:56:58+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:03:02 00:17:31+01:00
ProductVersion 7.0.0.3
FileDescription Intel corporation Pentium 4
OSVersion 5.0
FileCreateDate 2014:03:02 00:17:31+01:00
OriginalFilename intel.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Intel Pentium 4
CodeSize 49664
ProductName Intel corporation Pentium 4
ProductVersionNumber 7.0.0.3
EntryPoint 0x36a1
ObjectFileType Executable application
File identification
MD5 5624699da0ca1e34320f479e47f01a1e
SHA1 57f9ccfc7d4f3ef08c71e25413778ed4b4aaacc1
SHA256 54c32a8994ee8f78591e27331a47dd12553d1c8b64b820eddbcb51119fe67f7c
ssdeep 6144:DeiGTXcxIK5iZf7gxhaJAxFsDhkrvmlMIB3h:DeiGImKo9YhaJAxe/3h
imphash f130d9b64f49f8db8c467a78a0a71386
File size 286.7 KB ( 293595 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-03-01 23:16:59 UTC ( 4 years, 11 months ago )
Last submission 2014-03-01 23:16:59 UTC ( 4 years, 11 months ago )
File names intel.exe
vt-upload-c_WXY
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs