SHA256: 59cd3a39db06ece462bcf5e405295e31c69b35e3913e65fdce9f938de23f71f6
File name: SantasHat duper 0.5.3b.exe
Detection ratio: 8 / 46
Analysis date: 2012-12-06 18:00:26 UTC ( 1 year, 4 months ago )
Antivirus Result Update
BitDefender Trojan.Generic.KDV.803493 20121206
ESET-NOD32 a variant of MSIL/Injector.AUS 20121206
F-Secure Trojan.Generic.KDV.803493 20121206
Fortinet MSIL/Dropper.VAN!tr 20121206
GData Trojan.Generic.KDV.803493 20121206
MicroWorld-eScan Trojan.Generic.KDV.803493 20121206
SUPERAntiSpyware Trojan.Agent/Gen-Falleg 20121206
nProtect Trojan.Generic.KDV.803493 20121206
AVG 20121206
Agnitum 20121206
AhnLab-V3 20121206
AntiVir 20121206
Antiy-AVL 20121204
Avast 20121206
ByteHero 20121130
CAT-QuickHeal 20121206
ClamAV 20121206
Commtouch 20121206
Comodo 20121206
DrWeb 20121206
Emsisoft 20121206
F-Prot 20121206
Ikarus 20121206
Jiangmin 20121206
K7AntiVirus 20121206
Kaspersky 20121206
Kingsoft 20121206
Malwarebytes 20121206
McAfee 20121206
McAfee-GW-Edition 20121206
Microsoft 20121206
NANO-Antivirus 20121206
Norman 20121206
PCTools 20121206
Panda 20121206
Rising 20121206
Sophos 20121206
Symantec 20121206
TheHacker 20121206
TotalDefense 20121206
TrendMicro 20121206
TrendMicro-HouseCall 20121206
VBA32 20121205
VIPRE 20121206
ViRobot 20121206
eSafe 20121205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-12-05 05:59:59
Entry Point 0x0000E1DE
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 19
RT_GROUP_ICON 3
RT_VERSION 2
RT_MANIFEST 1
RT_MESSAGETABLE 1
Number of PE resources by language
NEUTRAL 25
ENGLISH US 1
ExifTool file metadata
LegalTrademarks 5qWxr6NMAg
SubsystemVersion 4.0
Comments ZZK05oR9pH
LinkerVersion 11.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.0.5.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription GVdKDsMOqr
CharacterSet Unicode
InitializedDataSize 284160
FileOS Win32
MIMEType application/octet-stream
LegalCopyright zzSuNmlKfC
FileVersion 6.0.5.0
TimeStamp 2012:12:05 05:59:59+00:00
FileType Win32 EXE
PEType PE32
InternalName cz2Xx83d7w.exe
ProductVersion 6.0.5.0
UninitializedDataSize 0
OSVersion 4.0
OriginalFilename cz2Xx83d7w.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName g0PaJggXrc
CodeSize 49664
ProductName sxs79yrjkO
ProductVersionNumber 6.0.5.0
EntryPoint 0xe1de
ObjectFileType Executable application
AssemblyVersion 6.7.0.9

File identification
MD5 927ade58696351de6f03ab653d945fe7
SHA1 894e7774200d6a0504356550daba4af0a37a2284
SHA256 59cd3a39db06ece462bcf5e405295e31c69b35e3913e65fdce9f938de23f71f6
ssdeep 6144:8HnTVkrmqxqZEG3yfzSldvR7TYdUZmADaXqCLc5sW1WOlB:QnTuPQwSldZrcq+ctl
File size 326.5 KB ( 334336 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (94.8%)
Generic Win/DOS Executable (2.5%)
DOS Executable Generic (2.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2012-12-06 18:00:26 UTC ( 1 year, 4 months ago )
Last submission 2012-12-13 02:56:42 UTC ( 1 year, 4 months ago )
File names SantasHat duper 0.5.3b.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight