SHA256: 556140429ad90142a2f29ffdd63d68378a38f9c7b5dbf74ae3b08c4f825f1f3a
File name: file
Detection ratio: 6 / 48
Analysis date: 2013-10-06 22:10:09 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Bkav HW32.CDB.6777 20131005
ESET-NOD32 Win32/Injector.ALXX 20131006
Jiangmin Backdoor/DarkKomet.fle 20130903
Kingsoft Win32.Hack.Darkkomet.bb.(kcloud) 20130829
VBA32 TrojanSpy.Zbot 20131005
VIPRE Trojan.Win32.Generic!BT 20131006
AVG 20131006
Agnitum 20131006
AhnLab-V3 20131006
AntiVir 20131006
Antiy-AVL 20131006
Avast 20131006
Baidu-International 20131006
BitDefender 20131006
ByteHero 20130924
CAT-QuickHeal 20131006
ClamAV 20131006
Commtouch 20131006
Comodo 20131006
DrWeb 20131006
Emsisoft 20131006
F-Prot 20131003
F-Secure 20131006
Fortinet 20131006
GData 20131006
Ikarus 20131006
K7AntiVirus 20131004
K7GW 20131004
Kaspersky 20131006
Malwarebytes 20131006
McAfee 20131006
McAfee-GW-Edition 20131006
MicroWorld-eScan 20131006
Microsoft 20131006
NANO-Antivirus 20131006
Norman 20131006
PCTools 20131002
Panda 20131006
Rising 20130930
SUPERAntiSpyware 20131006
Sophos 20131006
Symantec 20131006
TheHacker 20131004
TotalDefense 20131005
TrendMicro 20131006
TrendMicro-HouseCall 20131006
ViRobot 20131006
nProtect 20131006
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block
Copyright Copyright Info
Publisher Your Company
Product Product Name
Version 1.0.0.0
File version 1.0.0.0
Description Product Description
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-26 19:08:03
Entry Point 0x00009416
Number of sections 4
PE sections
PE imports
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetFileAttributesA
SetConsoleMode
WaitForSingleObject
GetExitCodeProcess
GetEnvironmentStringsW
HeapDestroy
ExitProcess
SetConsoleTextAttribute
SetConsoleCursorPosition
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
HeapAlloc
GetCurrentProcess
GetVolumeInformationA
GetEnvironmentStrings
GetConsoleMode
CompareStringW
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
SetStdHandle
SetFilePointer
GetTempPathA
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
SetConsoleCursorInfo
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
LCMapStringA
WriteConsoleA
HeapCreate
VirtualFree
Sleep
GetFileType
SetEndOfFile
CreateFileA
GetTickCount
GetVersion
VirtualAlloc
CompareStringA
timeGetTime
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 16384
MIMEType application/octet-stream
Subsystem Windows command line
FileVersion 1.0.0.0
TimeStamp 2013:02:26 20:08:03+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
FileDescription Product Description
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright Info
MachineType Intel 386 or later, and compatibles
CompanyName Your Company
CodeSize 61440
ProductName Product Name
ProductVersionNumber 1.0.0.0
EntryPoint 0x9416
ObjectFileType Dynamic link library

PE resource-wise parents
File identification
MD5 014543ee64491bac496fabda3f1c8932
SHA1 8731411f309d6bf29c708bd7292504ee18f68efa
SHA256 556140429ad90142a2f29ffdd63d68378a38f9c7b5dbf74ae3b08c4f825f1f3a
ssdeep 12288:SrAeSyeKQKMA3AcwjaGgkq0+p86mDqOjs4:EAZyFQKMAw27kURQqOjh

File size 424.1 KB ( 434271 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2013-10-06 22:10:09 UTC ( 6 months, 1 week ago )
Last submission 2013-10-06 22:10:09 UTC ( 6 months, 1 week ago )
File names file
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Opened mutexes
Runtime DLLs
DNS requests
TCP connections