SHA256: 550304a849ae4ba5e377114c6a8f1878698c9e59c880f00a5db2844276371b39
File name: lanst2.exe.ViR
Detection ratio: 0 / 40
Analysis date: 2012-07-11 19:43:31 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AntiVir 20120705
Antiy-AVL 20120705
Avast 20120705
AVG 20120705
BitDefender 20120705
CAT-QuickHeal 20120705
ClamAV 20120705
Commtouch 20120705
Comodo 20120705
DrWeb 20120706
Emsisoft 20120705
eSafe 20120705
F-Prot 20120705
F-Secure 20120706
Fortinet 20120705
GData 20120705
Ikarus 20120705
Jiangmin 20120705
K7AntiVirus 20120705
Kaspersky 20120705
McAfee 20120706
McAfee-GW-Edition 20120705
Microsoft 20120705
NOD32 20120705
Norman 20120705
nProtect 20120706
Panda 20120705
PCTools 20120705
Rising 20120705
Sophos AV 20120705
SUPERAntiSpyware 20120705
Symantec 20120706
TheHacker 20120704
TotalDefense 20120705
TrendMicro 20120706
TrendMicro-HouseCall 20120705
VBA32 20120705
VIPRE 20120705
ViRobot 20120705
VirusBuster 20120705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright

Product
Original name
Internal name
File version 1.0.0.0
Description
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-24 14:03:59
Entry Point 0x00001DF6
Number of sections 4
PE sections
Overlays
MD5 41d82927a5e228bc5bc7fcad68248125
File type data
Offset 20480
Size 1508195
Entropy 6.98
PE imports
GetLastError
LoadLibraryA
FreeLibrary
GetConsoleTitleA
GetVersionExA
GetModuleFileNameA
GetProcAddress
SetLastError
__p__fmode
malloc
sscanf
memset
strcat
_lseek
printf
fflush
_rmdir
strlen
strncpy
_except_handler3
_errno
_open
_getpid
exit
sprintf
memcmp
__setusermatherr
__p__commode
_close
_XcptFilter
_adjust_fdiv
free
getenv
atol
__getmainargs
calloc
_write
__p___initenv
_exit
_stat
strstr
_read
remove
strcpy
_mkdir
_initterm
_controlfp
__set_app_type
vsprintf
strcmp
_iob
MessageBoxA
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 12288
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2007:08:24 15:03:59+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 4096
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x1df6
ObjectFileType Executable application

Compressed bundles
File identification
MD5 a63d6203d1d7568868ebe7521406b057
SHA1 4c82e449d396c11064e4d6ebb5b10271be01e428
SHA256 550304a849ae4ba5e377114c6a8f1878698c9e59c880f00a5db2844276371b39
ssdeep 24576:ZOfk6YLzjxZm59XSwTwaWJFjOETU+lDOSq15uG3abCeqsNtb+2oQZ:P6o0CSwFp8153Peq8b+G

authentihash a64207fb950c32ea7a2a9c187cdece37b4eeeae4f7d0dfb2fa2036b4ac8c8e88
imphash 3201205a56a30111410d37d9c12832b7
File size 1.5 MB ( 1528675 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (32.2%)
UPX compressed Win32 Executable (31.5%)
Win32 EXE Yoda's Crypter (27.4%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2011-03-03 19:27:22 UTC ( 8 years ago )
Last submission 2016-08-18 12:07:27 UTC ( 2 years, 7 months ago )
File names 1342124341.lanst2.exe.ViR
550304a849ae4ba5e377114c6a8f1878698c9e59c880f00a5db2844276371b39
lanst2.exe
lanst2.exe.ViR
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Runtime DLLs
UDP communications