× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 577254e28c7db05091e0f7ea063a6505b84276475b94530cbac93f8c9379a4f9
File name: setiathome_7.00_windows_intelx86_repacked.exe
Detection ratio: 0 / 46
Analysis date: 2013-05-30 19:38:37 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
AVG 20130530
Agnitum 20130530
AhnLab-V3 20130530
AntiVir 20130530
Antiy-AVL 20130530
Avast 20130530
BitDefender 20130530
ByteHero 20130529
CAT-QuickHeal 20130530
ClamAV 20130530
Commtouch 20130530
Comodo 20130530
DrWeb 20130530
ESET-NOD32 20130530
Emsisoft 20130530
F-Prot 20130530
F-Secure 20130530
Fortinet 20130530
GData 20130530
Ikarus 20130530
Jiangmin 20130530
K7AntiVirus 20130530
K7GW 20130530
Kaspersky 20130530
Kingsoft 20130506
Malwarebytes 20130530
McAfee 20130530
McAfee-GW-Edition 20130530
MicroWorld-eScan 20130530
Microsoft 20130530
NANO-Antivirus 20130530
Norman 20130530
PCTools 20130521
Panda 20130530
Rising 20130530
SUPERAntiSpyware 20130530
Sophos 20130530
Symantec 20130530
TheHacker 20130528
TotalDefense 20130530
TrendMicro 20130530
TrendMicro-HouseCall 20130530
VBA32 20130530
VIPRE 20130530
ViRobot 20130530
eSafe 20130530
nProtect 20130530
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright 2011, Regents University of California

Publisher Space Sciences Laboratory
Product setiathome_v7
Internal name setiathome_v7
File version 7.00
Description setiathome_v7
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-13 21:41:27
Entry Point 0x002088F0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
EnumProcesses
GetClassNameA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
4096

ImageVersion
1.0

ProductName
setiathome_v7

FileVersionNumber
7.0.0.0

UninitializedDataSize
1683456

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

LinkerVersion
2.21

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7.0

TimeStamp
2013:03:13 22:41:27+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setiathome_v7

ProductVersion
7.0

FileDescription
setiathome_v7

OSVersion
4.0

FileOS
Unknown (0)

LegalCopyright
Copyright 2011, Regents University of California

MachineType
Intel 386 or later, and compatibles

CompanyName
Space Sciences Laboratory

CodeSize
446464

FileSubtype
0

ProductVersionNumber
7.0.0.0

EntryPoint
0x2088f0

ObjectFileType
Executable application

File identification
MD5 fa05582dd22f543e18f0f024f3477eb3
SHA1 ad793d9e8ccae70afa8f24c2a644da94ec3d12ac
SHA256 577254e28c7db05091e0f7ea063a6505b84276475b94530cbac93f8c9379a4f9
ssdeep
12288:oE7s0jvAk+h+UEDfaA4Z9WfqUzjwIbDapF9ijRukLOH:vXAd+Xf6fWiWyF9C5LOH

File size 438.0 KB ( 448512 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2013-05-30 19:38:37 UTC ( 10 months, 3 weeks ago )
Last submission 2013-09-10 07:43:56 UTC ( 7 months, 1 week ago )
File names output.14910271.txt
setiathome_7.00_windows_intelx86_repacked.exe
file-5537917_exe
setiathome_v7
14910271
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!