SHA256: 5931bcb692874251193aa8b61cbc4f5b1d4bff5c72b8019ef68082a56a9a4393
File name: d6bf210e4fe64f97b7dbd62c6156a421.virus
Detection ratio: 52 / 63
Analysis date: 2017-07-10 16:21:46 UTC ( 4 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Win32.Sality.3 20170710
AhnLab-V3 Win32/Kashu.E 20170710
ALYac Win32.Sality.3 20170710
Antiy-AVL Virus/Win32.Sality.gen 20170710
Arcabit Win32.Sality.3 20170710
Avast Win32:SaliCode 20170710
AVG Win32:SaliCode 20170710
Avira (no cloud) W32/Sality.AT 20170710
AVware Virus.Win32.Sality.at (v) 20170710
Baidu Win32.Virus.Sality.gen 20170710
BitDefender Win32.Sality.3 20170710
Bkav W32.Sality.PE 20170710
CAT-QuickHeal W32.Sality.U 20170710
Comodo Virus.Win32.Sality.gen 20170710
Cylance Unsafe 20170710
Cyren W32/Sality.E.gen!Eldorado 20170710
DrWeb Win32.Sector.30 20170710
Emsisoft Win32.Sality.3 (B) 20170710
Endgame malicious (high confidence) 20170706
ESET-NOD32 Win32/Sality.NBA 20170710
F-Prot W32/Sality.E.gen!Eldorado 20170710
F-Secure Win32.Sality.3 20170710
GData Win32.Virus.Sality.A 20170710
Ikarus Virus.Win32.Sality 20170710
K7AntiVirus Virus ( f10001071 ) 20170710
K7GW Virus ( f10001071 ) 20170710
Kaspersky Virus.Win32.Sality.gen 20170710
Kingsoft Win32.Sality.lx.368640 20170710
MAX malware (ai score=89) 20170710
McAfee W32/Sality.gen.z 20170710
McAfee-GW-Edition BehavesLike.Win32.Evasion.hc 20170710
Microsoft Virus:Win32/Sality.AT 20170710
eScan Win32.Sality.3 20170710
NANO-Antivirus Virus.Win32.Sality.beygb 20170710
nProtect Virus/W32.Sality.D 20170710
Panda W32/Sality.AA 20170710
Qihoo-360 Virus.Win32.Sality.I 20170710
Rising Virus.Sality!1.A5BD (classic) 20170710
Sophos AV Mal/Sality-D 20170710
Symantec W32.Sality.AE 20170710
Tencent Virus.Win32.TuTu.Gen.200004 20170710
TheHacker W32/Sality.gen 20170709
TotalDefense Win32/Sality.AA 20170710
TrendMicro PE_SALITY.RL 20170710
TrendMicro-HouseCall PE_SALITY.RL 20170710
VBA32 Virus.Win32.Sality.bakc 20170710
VIPRE Virus.Win32.Sality.at (v) 20170710
ViRobot Win32.Sality.Gen.A 20170710
Yandex Win32.Sality.BL 20170707
Zillya Virus.Sality.Win32.25 20170707
ZoneAlarm by Check Point Virus.Win32.Sality.gen 20170710
Zoner Win32.Sality 20170710
AegisLab 20170710
Alibaba 20170710
ClamAV 20170710
CMC 20170710
CrowdStrike Falcon (ML) 20170420
Fortinet 20170629
Sophos ML 20170607
Jiangmin 20170710
Malwarebytes 20170710
Palo Alto Networks (Known Signatures) 20170710
SentinelOne (Static ML) 20170516
SUPERAntiSpyware 20170710
Symantec Mobile Insight 20170709
Trustlook 20170710
Webroot 20170710
WhiteArmor 20170706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product LAME
File version
Description LAME Setup
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
Overlays
MD5 4470cee4271b9afec532fee88d60ebff
File type data
Offset 132096
Size 473151
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This installation was built with Inno Setup.
InitializedDataSize 17920
ImageVersion 6.0
ProductName LAME
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileDescription LAME Setup
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 37888
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x9c40
ObjectFileType Executable application

File identification
MD5 d6bf210e4fe64f97b7dbd62c6156a421
SHA1 79677bdcad448566a54d6649a7ea41b8283d8c35
SHA256 5931bcb692874251193aa8b61cbc4f5b1d4bff5c72b8019ef68082a56a9a4393
ssdeep 12288:vnaVqkTamfK7d2Sb8/iGpmTtcvS38LCJQBtdGs1rBLsJ:vnawkBgvb8/iGMxkS3rJQBtUkBgJ
authentihash eba684a382c5645f3ac665b9f894d569053b5ff74d59b5b6979b0fd4da7bb489
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 591.1 KB ( 605247 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-07-10 16:21:46 UTC ( 4 months, 2 weeks ago )
Last submission 2017-07-10 16:21:46 UTC ( 4 months, 2 weeks ago )
File names d6bf210e4fe64f97b7dbd62c6156a421.virus
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened service managers
Opened services
Runtime DLLs
UDP communications