SHA256: 579cde945ad2bc13bd9dbf35848e9a2aac9257bb18034656dc9a40ebc8b37a95
File name: vt-upload-4u1V2
Detection ratio: 40 / 47
Analysis date: 2013-07-12 05:29:23 UTC ( 5 years, 7 months ago )
Antivirus Result Update
Yandex Win32.Virut.AB.Gen 20130711
AhnLab-V3 Win32/Virut.E 20130712
AntiVir W32/Virut.Gen 20130712
Avast Win32:Vitro 20130712
AVG Generic_r.OF 20130711
BitDefender Win32.Worm.Autorun.VN 20130712
CAT-QuickHeal Worm.Autorun.WT 20130711
ClamAV W32.Trojan.VB-13509 20130712
Commtouch W32/AutoRun.S.gen!Eldorado 20130712
Comodo TrojWare.Win32.Autorun.KVS 20130712
DrWeb Trojan.MulDrop4.1379 20130712
Emsisoft Win32.Worm.Autorun.VN (B) 20130712
ESET-NOD32 Win32/Virut.NBP 20130711
F-Prot W32/AutoRun.S.gen!Eldorado 20130712
F-Secure Win32.Worm.Autorun.VN 20130712
Fortinet W32/AutoRun.GP!worm 20130712
GData Win32.Worm.Autorun.VN 20130712
Ikarus Worm.Win32.AutoRun 20130712
Jiangmin Worm/AutoRun.vpd 20130712
K7AntiVirus EmailWorm 20130711
K7GW EmailWorm 20130711
Kaspersky Virus.Win32.Virut.ce 20130712
Malwarebytes Backdoor.Bot 20130712
McAfee W32/Autorun.worm.gp 20130712
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.I 20130711
Microsoft Worm:Win32/Wecykler.A 20130712
NANO-Antivirus Trojan.Win32.AutoRun.bkhof 20130712
Norman AutoRun.BVNA 20130711
Panda W32/Harakit.EY 20130711
PCTools Net-Worm.SillyFDC!rem 20130711
Rising Worm.Win32.Fednu.k 20130712
Sophos AV W32/Autorun-BDV 20130712
SUPERAntiSpyware Trojan.Agent/Gen-WinAlert 20130712
Symantec W32.SillyFDC 20130712
TotalDefense Win32/Virut.17408 20130711
TrendMicro WORM_OTORUN.SMXY 20130712
TrendMicro-HouseCall TROJ_GEN.F47V0426 20130712
VBA32 Worm.AutoRun 20130711
VIPRE Virus.Win32.Virut.ce (v) 20130712
ViRobot Win32.Virut.AL 20130712
Antiy-AVL 20130711
ByteHero 20130613
eSafe 20130709
Kingsoft 20130708
eScan 20130712
nProtect 20130712
TheHacker 20130711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-02-14 06:28:47
Entry Point 0x00005581
Number of sections 4
PE sections
PE imports
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
CreateToolhelp32Snapshot
GetSystemTime
GetLastError
HeapFree
CopyFileW
GetDriveTypeW
GetComputerNameW
ReleaseMutex
HeapCreate
GetModuleFileNameW
FindVolumeClose
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
GetFileAttributesW
GlobalAlloc
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
HeapAlloc
GetCurrentProcess
Module32FirstW
GetCurrentProcessId
OpenProcess
UnhandledExceptionFilter
SetErrorMode
GetStartupInfoW
CreateDirectoryW
DeleteFileW
ReadFile
InterlockedCompareExchange
Process32FirstW
CreateFileMappingW
CreateThread
MapViewOfFile
SetFilePointer
GetSystemDirectoryW
FindNextFileW
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
Process32NextW
CreateMutexW
WaitForSingleObject
GetSystemTimeAsFileTime
FindFirstFileW
SetPriorityClass
TerminateProcess
ResumeThread
UnmapViewOfFile
CreateFileW
VirtualQuery
Sleep
SetFileAttributesW
GetTickCount
GetCurrentThreadId
GetFileSize
FindFirstVolumeW
CloseHandle
__p__fmode
malloc
__wgetmainargs
memset
__dllonexit
_controlfp_s
wcscpy_s
_invoke_watson
fflush
_amsg_exit
_lock
_onexit
_unlock
exit
wcscat_s
_encode_pointer
__setusermatherr
_initterm_e
__p__commode
_wcmdln
_cexit
_wcsicmp
rand_s
_crt_debugger_hook
_adjust_fdiv
free
_except_handler4_common
_wfopen
fwprintf
_decode_pointer
_exit
_XcptFilter
perror
_vsnwprintf_s
_configthreadlocale
_initterm
__set_app_type
ShellExecuteW
GetAsyncKeyState
GetKeyNameTextW
CharLowerW
MapVirtualKeyW
GetKeyState
Number of PE resources by type
RT_ICON 26
RT_GROUP_ICON 2
RT_DIALOG 1
H 1
RT_MANIFEST 1
RT_STRING 1
RT_MENU 1
RT_ACCELERATOR 1
Number of PE resources by language
ENGLISH ARABIC QATAR 33
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:02:14 07:28:47+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 8.0
EntryPoint 0x5581
InitializedDataSize 278528
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 c6a7f13a91e5618bfc45ccd49a7fc29f
SHA1 80060ed96c80c4d86423f147e64d214398585a6e
SHA256 579cde945ad2bc13bd9dbf35848e9a2aac9257bb18034656dc9a40ebc8b37a95
ssdeep 3072:MtNfYGSGtGSGOGOGlGln+VD/m8ClX0kUb+16H6b5p8I0yH/JN8HOWShM+L7aL75a:MMbELf/MR/cWdi5pV/JNWOVhMpmDOy
File size 320.5 KB ( 328198 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-04-26 10:48:51 UTC ( 5 years, 10 months ago )
Last submission 2013-07-12 05:29:23 UTC ( 5 years, 7 months ago )
File names c6a7f13a91e5618bfc45ccd49a7fc29f.80060ed96c80c4d86423f147e64d214398585a6e
vt-upload-4u1V2
WinSysApp.exe
vt-upload-nLR1Q
Commgr.exe