SHA256: 5580c303f71e1953df06284f85ae9945b5409ea8990cc610c4273fe1c2c6d085
File name: we3r.exe
Detection ratio: 3 / 40
Analysis date: 2012-07-12 20:20:11 UTC ( 6 years, 7 months ago )
Antivirus Result Update
Avast Win32:Crypt-NHP [Trj] 20120712
GData Win32:Crypt-NHP 20120712
McAfee PWS-Zbot.gen.afr 20120712
AhnLab-V3 20120712
AntiVir 20120712
Antiy-AVL 20120712
AVG 20120712
BitDefender 20120712
ByteHero 20120704
CAT-QuickHeal 20120712
ClamAV 20120712
Commtouch 20120712
Emsisoft 20120712
eSafe 20120712
F-Prot 20120712
F-Secure 20120712
Fortinet 20120712
Ikarus 20120712
Jiangmin 20120711
K7AntiVirus 20120712
Kaspersky 20120712
McAfee-GW-Edition 20120712
Microsoft 20120712
NOD32 20120712
Norman 20120712
nProtect 20120712
Panda 20120712
PCTools 20120712
Rising 20120712
Sophos AV 20120712
SUPERAntiSpyware 20120712
Symantec 20120712
TheHacker 20120711
TotalDefense 20120712
TrendMicro 20120712
TrendMicro-HouseCall 20120712
VBA32 20120712
VIPRE 20120712
ViRobot 20120712
VirusBuster 20120712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-07-12 14:00:18
Entry Point 0x00001000
Number of sections 4
PE sections
Overlays
MD5 8bd12c368d5141865648600dd09557fc
File type data
Offset 17920
Size 218459
Entropy 8.00
PE imports
HeapAlloc
InitializeCriticalSection
HeapFree
GetModuleHandleA
HeapCreate
GetExitCodeProcess
HeapDestroy
ExitProcess
CloseHandle
GetCommandLineA
HeapReAlloc
memset
strlen
memcpy
strncpy
CallWindowProcA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:07:12 16:00:18+02:00
FileType Win32 EXE
PEType PE32
CodeSize 13312
LinkerVersion 2.5
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x1000
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 8719cce411d78d57dd754c9542ba8e92
SHA1 02bbc6811e71c8891c61301534bc89e4012d094b
SHA256 5580c303f71e1953df06284f85ae9945b5409ea8990cc610c4273fe1c2c6d085
ssdeep 6144:qP77IZDr3E6E7Rp0MUeSFD4CKlQxsFWca6eY6e:qP77I66O4igkkxKere
authentihash 9a8df213107943db3698ad397e792a806bd5cae1a180d4413a22a63fde966f4d
imphash eadb8d0b4d9c6a2978e8a1fb54e2a52e
File size 230.8 KB ( 236379 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable PureBasic (generic) (69.2%)
Win64 Executable (generic) (18.1%)
Win32 Dynamic Link Library (generic) (4.3%)
Win32 Executable (generic) (2.9%)
Win16/32 Executable Delphi generic (1.3%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-07-12 20:20:11 UTC ( 6 years, 7 months ago )
Last submission 2019-01-27 19:48:58 UTC ( 3 weeks, 6 days ago )
File names 5580c303f71e1953df06284f85ae9945b5409ea8990cc610c4273fe1c2c6d085.bin
we3r.exe
afd1b4d464d75aec0f6975a7a3a5f3467e800540aa4076b5b850be0a1b3e56d3b0cfb0bf982a9110b444be79d22f0b87c52a4703507d0760e64001454f93e09e
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications