SHA256: 5a400d96e3fef785b460b01c175b4732231a84522fc96dcbc8f63a1cf38911b2
File name: 440689
Detection ratio: 1 / 67
Analysis date: 2019-04-15 10:12:03 UTC ( 1 month, 1 week ago )
Antivirus Result Update
CMC AdWare.Win32!O 20190321
Acronis 20190415
Ad-Aware 20190415
AegisLab 20190415
AhnLab-V3 20190415
Alibaba 20190402
ALYac 20190415
Antiy-AVL 20190415
Arcabit 20190415
Avast 20190415
Avast-Mobile 20190415
AVG 20190415
Avira (no cloud) 20190415
Babable 20180918
Baidu 20190318
BitDefender 20190415
Bkav 20190412
CAT-QuickHeal 20190414
ClamAV 20190415
Comodo 20190415
CrowdStrike Falcon (ML) 20190212
Cybereason 20190403
Cyren 20190415
DrWeb 20190415
eGambit 20190415
Emsisoft 20190415
Endgame 20190403
ESET-NOD32 20190415
F-Secure 20190415
FireEye 20190415
Fortinet 20190415
GData 20190415
Ikarus 20190415
Sophos ML 20190313
Jiangmin 20190415
K7AntiVirus 20190415
K7GW 20190415
Kaspersky 20190415
Kingsoft 20190415
Malwarebytes 20190415
MAX 20190415
McAfee 20190415
McAfee-GW-Edition 20190415
Microsoft 20190415
eScan 20190415
NANO-Antivirus 20190415
Palo Alto Networks (Known Signatures) 20190415
Panda 20190414
Qihoo-360 20190415
Rising 20190415
SentinelOne (Static ML) 20190407
Sophos AV 20190415
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190415
Tencent 20190415
TheHacker 20190411
TotalDefense 20190413
Trapmine 20190325
TrendMicro-HouseCall 20190415
Trustlook 20190415
VBA32 20190415
VIPRE 20190415
ViRobot 20190415
Yandex 20190412
Zillya 20190412
ZoneAlarm by Check Point 20190415
Zoner 20190415
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BED8
Number of sections 8
PE sections
Overlays
MD5 1a1235bea3d8efe2841f087c7744ccae
File type data
Offset 61440
Size 859083
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
DUTCH 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 22:22:17+00:00
FileType Win32 EXE
PEType PE32
CodeSize 46592
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 16384
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xbed8
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 f6977e5a6c6cad85eabc4255e7b7b574
SHA1 9a0184d6be33be66f10ea68429769692ab02566b
SHA256 5a400d96e3fef785b460b01c175b4732231a84522fc96dcbc8f63a1cf38911b2
ssdeep 24576:MokNxMgGWibPXoKsf/4eB4XlBhcfgYOXjFMbxUvZ:MokxnibPXobf/4eilIfITFMbxUvZ
authentihash 5cd1658d8960b86ad6174516961fa04db99d1de58ba5c58b6a6fd314eee02b56
imphash 0c97c38021e73ae3921565566bcfaa66
File size 898.9 KB ( 920523 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2007-11-27 15:51:14 UTC ( 11 years, 5 months ago )
Last submission 2018-05-22 04:43:03 UTC ( 1 year ago )
File names vM67.js
T4XVyLQDQ.xlsx
output.17071377.txt
smona132586947215936798845
aa
440689
17071377
smona_5a400d96e3fef785b460b01c175b4732231a84522fc96dcbc8f63a1cf38911b2.bin
cacheboe.exe
smona130925151574427290971
file-5374859_ViR
1327561682-setupcbe.exe
setupcbe.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Symantec reputation Suspicious.Insight