SHA256: 54e80b6d08bedf9210e6a0cead297a36d34f12170568c672e70ff6f750a69a00
File name: VD90c_2121.exe
Detection ratio: 14 / 43
Analysis date: 2011-07-21 14:13:39 UTC ( 2 years, 9 months ago )
Antivirus Result Update
AVG Dropper.Generic4.MNT 20110721
AntiVir DR/Delphi.Gen 20110721
Avast Win32:Delf-QBH [Trj] 20110721
Avast5 Win32:Delf-QBH [Trj] 20110721
BitDefender Gen:Variant.FakeAV.21 20110721
Emsisoft Virus.Win32.DelfInject !IK 20110721
F-Secure Gen:Variant.FakeAV.21 20110721
GData Gen:Variant.FakeAV.21 20110721
Ikarus Virus.Win32.DelfInject 20110721
Microsoft Rogue:Win32/FakeVimes 20110721
NOD32 a variant of Win32/Injector.HWW 20110721
VIPRE Trojan.Win32.Generic!BT 20110721
eTrust-Vet Win32/DFInject.I!generic 20110721
nProtect Gen:Variant.FakeAV.21 20110721
AhnLab-V3 20110721
Antiy-AVL 20110721
CAT-QuickHeal 20110721
ClamAV 20110721
Commtouch 20110721
Comodo 20110721
DrWeb 20110721
F-Prot 20110720
Fortinet 20110721
Jiangmin 20110720
K7AntiVirus 20110720
Kaspersky 20110721
McAfee 20110721
McAfee-GW-Edition 20110721
Norman 20110721
PCTools 20110721
Panda 20110721
Prevx 20110721
Rising 20110721
SUPERAntiSpyware 20110721
Sophos 20110721
Symantec 20110721
TheHacker 20110721
TrendMicro 20110721
TrendMicro-HouseCall 20110721
VBA32 20110721
ViRobot 20110721
VirusBuster 20110720
eSafe 20110720
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Number of sections 8
PE sections
PE imports
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
UnrealizeObject
SetTextColor
SetROP2
SetBkMode
SetBkColor
SelectPalette
SelectObject
MoveToEx
GetTextMetricsA
GetSystemPaletteEntries
GetStockObject
GetDeviceCaps
GetCurrentPositionEx
DeleteObject
DeleteDC
CreatePenIndirect
CreatePalette
CreateFontIndirectA
CreateBrushIndirect
SelectPalette
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
WriteFile
WaitForSingleObject
VirtualQuery
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MulDiv
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetThreadLocale
GetStringTypeExA
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
GetACP
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA
ReleaseDC
MessageBoxA
LoadStringA
LoadIconA
GetSystemMetrics
GetSysColor
GetDC
CharNextA
CharToOemA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 81920
LinkerVersion 2.25
EntryPoint 0x14e24
InitializedDataSize 4758016
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
File identification
MD5 c8a695e4c411af859fa358eabb4127d1
SHA1 78e10150b3fd91b199adf0457a2e3902bc70eaf6
SHA256 54e80b6d08bedf9210e6a0cead297a36d34f12170568c672e70ff6f750a69a00
ssdeep 98304:vsx5cKI5xJvlO4RhEH2rf61ek/YJ7NOAi4sC1P5CnxOXCAKzO:vsx6KILJvfe2+ok/YJ7NOAi4sC1kwpK6
File size 4.6 MB ( 4840960 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2011-07-21 14:13:39 UTC ( 2 years, 9 months ago )
Last submission 2011-07-21 14:13:39 UTC ( 2 years, 9 months ago )
File names VD90c_2121.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight