SHA256: 5be8c3a0b9fccaa4a47cd82e2f62c5d168ad6bc4289a1457890d2e7efeae91e9
File name: 123915
Detection ratio: 2 / 57
Analysis date: 2016-03-24 20:04:03 UTC ( 3 years, 2 months ago )
Antivirus Result Update
CMC Trojan-Mailfinder.Win32.Agent!O 20160322
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 [F] 20160324
Ad-Aware 20160324
AegisLab 20160324
Yandex 20160316
AhnLab-V3 20160324
Alibaba 20160323
ALYac 20160324
Antiy-AVL 20160324
Arcabit 20160324
Avast 20160324
AVG 20160324
Avira (no cloud) 20160324
AVware 20160324
Baidu 20160324
Baidu-International 20160324
BitDefender 20160324
Bkav 20160324
ByteHero 20160324
CAT-QuickHeal 20160323
ClamAV 20160324
Comodo 20160324
Cyren 20160324
DrWeb 20160324
Emsisoft 20160324
ESET-NOD32 20160324
F-Prot 20160324
F-Secure 20160324
Fortinet 20160324
GData 20160324
Ikarus 20160324
Jiangmin 20160324
K7AntiVirus 20160324
K7GW 20160323
Kaspersky 20160324
Malwarebytes 20160324
McAfee 20160324
McAfee-GW-Edition 20160324
Microsoft 20160324
eScan 20160324
NANO-Antivirus 20160324
nProtect 20160324
Panda 20160324
Qihoo-360 20160324
Sophos AV 20160324
SUPERAntiSpyware 20160324
Symantec 20160324
Tencent 20160324
TheHacker 20160324
TotalDefense 20160324
TrendMicro 20160324
TrendMicro-HouseCall 20160324
VBA32 20160324
VIPRE 20160324
ViRobot 20160324
Zillya 20160324
Zoner 20160324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BF98
Number of sections 8
PE sections
Overlays
MD5 db9701a600c8e7ab62b20e290b7d5247
File type data
Offset 61952
Size 1250463
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
GetExitCodeProcess
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:20 00:22:17+02:00
FileType Win32 EXE
PEType PE32
CodeSize 47104
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 16384
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xbf98
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 45335b686a8d13fe9a0ae9ecb87d487e
SHA1 e92d385b170e9d0c998120335bd1e094938f7012
SHA256 5be8c3a0b9fccaa4a47cd82e2f62c5d168ad6bc4289a1457890d2e7efeae91e9
ssdeep 24576:oVydTn+Si4OMRTjk6HiFCrfUlp7vZBkBThYstTI/nQP5U:oVydT+N4DRTo0frfAFrkJhYs1CnAU
authentihash f17cfb7026b8f573aa4dc4042cd8689db7e1a93da27d6fc2cd16c392dfa0334f
imphash e2c1f18f75da1944b68774c16f2adcef
File size 1.3 MB ( 1312415 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags peexe overlay

VirusTotal metadata
First submission 2011-04-25 17:24:51 UTC ( 8 years, 1 month ago )
Last submission 2019-04-30 17:28:23 UTC ( 3 weeks, 4 days ago )
File names 5BE8C3A0B9FCCAA4A47CD82E2F62C5D168AD6BC4289A1457890D2E7EFEAE91E9
45335b686a8d13fe9a0ae9ecb87d487e
20161211102431
pds-mdb-xls-demo.exe
output.11472232.txt
11472232
5EC3B9489FCB1D42064B14150C678C00C223C266.exe
123915
pds-mdb-xls-demo.exe
file-2387016_swat
pds-mdb-xls-demo.exe
1347834686-pds-mdb-xls-demo.exe
pds-mdb-xls-demo.exe
1381244704-pds-mdb-xls-demo.exe
aa