SHA256: 5c7b77635686f4f51945a16f4bec9eec6fbaebbb9c2a7b0f3401ac7afd7fceb9
File name: Signature Explorer.exe
Detection ratio: 40 / 51
Analysis date: 2014-04-08 01:18:57 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKDZ.24222 20140408
Yandex TrojanSpy.Zbot!eKDu/sGYH70 20140407
AhnLab-V3 Spyware/Win32.Zbot 20140407
AntiVir TR/Agent.cada.20634 20140408
Antiy-AVL Trojan[Spy]/Win32.Zbot 20140407
Avast Win32:Crypt-QHO [Trj] 20140407
AVG Win32/Cryptor 20140407
Baidu-International Trojan.Win32.Zbot.az 20140407
BitDefender Trojan.GenericKDZ.24222 20140408
Commtouch W32/Trojan.FORC-5434 20140408
Comodo TrojWare.Win32.Injector.AWSZ 20140408
DrWeb Trojan.PWS.Panda.2401 20140408
Emsisoft Trojan.GenericKDZ.24222 (B) 20140408
ESET-NOD32 Win32/Spy.Zbot.AAO 20140408
F-Prot W32/Trojan2.OAHS 20140408
F-Secure Trojan.GenericKDZ.24222 20140407
Fortinet W32/Injector.ASZW!tr 20140407
GData Trojan.GenericKDZ.24222 20140408
Ikarus Trojan-Spy.Win32.Zbot 20140408
K7AntiVirus Spyware ( 0029a43a1 ) 20140407
K7GW Spyware ( 0029a43a1 ) 20140407
Kaspersky Trojan-Spy.Win32.Zbot.qvro 20140408
Kingsoft Win32.Troj.Zbot.qv.(kcloud) 20140408
Malwarebytes Trojan.FakeDOC 20140408
McAfee PWSZbot-FMT!7094D4DAD7A6 20140408
McAfee-GW-Edition PWSZbot-FMT!7094D4DAD7A6 20140408
Microsoft PWS:Win32/Zbot 20140408
eScan Trojan.GenericKDZ.24222 20140408
NANO-Antivirus Trojan.Win32.Zbot.cqrhjp 20140408
Norman Gamarue.BEA 20140407
nProtect Trojan-Spy/W32.ZBot.280793 20140408
Panda Trj/Zbot.M 20140407
Qihoo-360 Malware.QVM10.Gen 20140408
Sophos AV Troj/FakeAV-GZO 20140408
SUPERAntiSpyware Trojan.Agent/Gen-Symmi 20140408
Symantec Trojan.Zbot 20140408
TrendMicro TROJ_GEN.R047C0CLI13 20140408
TrendMicro-HouseCall TROJ_GEN.R047C0CLI13 20140407
VBA32 SScope.Worm.Ngrbot.2414 20140407
VIPRE Trojan.Win32.Generic!BT 20140407
AegisLab 20140408
Bkav 20140407
ByteHero 20140408
CAT-QuickHeal 20140407
ClamAV 20140408
CMC 20140407
Jiangmin 20140407
Rising 20140406
TheHacker 20140407
TotalDefense 20140407
ViRobot 20140407
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © 2008 Daniel Pistelli. All rights reserved.

Publisher Daniel Pistelli
Product Signature Explorer
Original name Signature Explorer.exe
Internal name Signature Explorer.exe
File version 2.0.0.0
Description Signature Explorer
Comments Signature Manager
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-12-08 23:46:33
Entry Point 0x00008341
Number of sections 4
PE sections
PE imports
AddFontResourceExA
CreateDCW
CreateDIBPatternBrush
AddFontResourceExW
ColorMatchToTarget
AngleArc
CreateCompatibleDC
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
SetHandleCount
LoadLibraryW
GetConsoleCP
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
HeapSetInformation
GetCurrentProcess
GetStartupInfoW
GetFileType
GetConsoleMode
GetStringTypeW
GetCurrentProcessId
GetProfileSectionW
GetProcessHeaps
WideCharToMultiByte
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetProcessHeap
SetStdHandle
FindNextVolumeMountPointA
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
DeleteCriticalSection
ReadFile
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
CloseHandle
OpenMutexW
GetACP
HeapReAlloc
DecodePointer
GetModuleHandleW
GetOEMCP
TerminateProcess
DnsHostnameToComputerNameW
IsValidCodePage
HeapCreate
CreateFileW
InterlockedDecrement
Sleep
SetLastError
GetTickCount
TlsSetValue
EncodePointer
OutputDebugStringA
LeaveCriticalSection
ExitProcess
WriteConsoleW
InterlockedIncrement
SendNotifyMessageA
DdeGetData
LoadMenuIndirectW
GetUpdateRgn
SetWindowsHookExW
UnregisterDeviceNotification
CreateWindowExW
ShowWindow
GetDlgItemTextW
DeleteMenu
FtpGetFileW
FtpRenameFileA
FtpGetCurrentDirectoryW
FtpGetCurrentDirectoryA
RetrieveUrlCacheEntryFileA
IsLoggingEnabledW
CreateFormatEnumerator
ObtainUserAgentString
Number of PE resources by type
JPEG 2
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
SAAMI ARABIC MOROCCO 2
PE resources
ExifTool file metadata
SubsystemVersion 5.0
Comments Signature Manager
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Signature Explorer
CharacterSet Unicode
InitializedDataSize 220160
FileOS Win32
MIMEType application/octet-stream
LegalCopyright 2008 Daniel Pistelli. All rights reserved.
FileVersion 2.0.0.0
TimeStamp 2013:12:09 00:46:33+01:00
FileType Win32 EXE
PEType PE32
InternalName Signature Explorer.exe
FileAccessDate 2014:04:08 02:12:18+01:00
ProductVersion 2.0.0.0
UninitializedDataSize 0
OSVersion 5.0
FileCreateDate 2014:04:08 02:12:18+01:00
OriginalFilename Signature Explorer.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Daniel Pistelli
CodeSize 58368
ProductName Signature Explorer
ProductVersionNumber 2.0.0.0
EntryPoint 0x8341
ObjectFileType Executable application
AssemblyVersion 2.0.0.0

File identification
MD5 7094d4dad7a695c8be63373d61363113
SHA1 f85967771b01132279ba73ac6ac10f50ff784375
SHA256 5c7b77635686f4f51945a16f4bec9eec6fbaebbb9c2a7b0f3401ac7afd7fceb9
ssdeep 6144:7xRTWc5MTOK/GtCUtGMlpUCO0Afcs/y4S5:7xkc5MTOKgCSRU5tLS5

imphash 3541cc26696c9cfeb7f07a38ba9b3550
File size 274.2 KB ( 280793 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2013-12-09 09:01:14 UTC ( 5 years ago )
Last submission 2013-12-09 09:01:14 UTC ( 5 years ago )
File names nodokludienestam.doc.scr
Signature Explorer.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs