SHA256: 5fed90535b3b0e87a2157b28a78bd49e68c4de5b6c9bcda3270659884c31a018
File name: MiniNot.exe
Detection ratio: 1 / 46
Analysis date: 2012-12-24 10:04:57 UTC ( 4 years, 11 months ago )
Antivirus Result Update
AVG unknown virus Win32/DH{IC4PZCIl} 20121224
Yandex 20121223
AhnLab-V3 20121223
AntiVir 20121224
Antiy-AVL 20121224
Avast 20121224
BitDefender 20121224
ByteHero 20121212
CAT-QuickHeal 20121224
ClamAV 20121224
Commtouch 20121224
Comodo 20121224
DrWeb 20121224
Emsisoft 20121224
eSafe 20121220
ESET-NOD32 20121223
F-Prot 20121224
F-Secure 20121224
Fortinet 20121224
GData 20121224
Ikarus 20121224
Jiangmin 20121221
K7AntiVirus 20121221
Kaspersky 20121224
Kingsoft 20121217
Malwarebytes 20121224
McAfee 20121224
McAfee-GW-Edition 20121224
Microsoft 20121224
eScan 20121224
NANO-Antivirus 20121224
Norman 20121224
nProtect 20121224
Panda 20121223
PCTools 20121224
Rising 20121224
Sophos AV 20121224
SUPERAntiSpyware 20121223
Symantec 20121224
TheHacker 20121223
TotalDefense 20121224
TrendMicro 20121224
TrendMicro-HouseCall 20121224
VBA32 20121223
VIPRE 20121224
ViRobot 20121224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2011 freedelphi

Product Mini Not
Original name mininot.exe
Internal name mininot.exe
File version 1, 5, 0, 0
Description Mini Not
Comments shenturk.com
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-12-19 12:41:57
Entry Point 0x0005B3F0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SHGetFolderPathW
RegCloseKey
_TrackMouseEvent
ChooseFontW
CreatePen
GdipFree
cairo_fill
CoInitialize
VariantCopy
ShellExecuteW
InternetOpenA
timeEndPeriod
Number of PE resources by type
PNG 30
RT_STRING 14
RT_ICON 4
RT_MENU 3
RT_DIALOG 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 55
PE resources
ExifTool file metadata
LegalTrademarks
Copyright 2011 freedelphi

SubsystemVersion
4.0

Comments
shenturk.com

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.5.0.0

LanguageCode
Turkish

FileFlagsMask
0x003f

FileDescription
Mini Not

CharacterSet
Unicode

InitializedDataSize
24576

EntryPoint
0x5b3f0

OriginalFileName
mininot.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2011 freedelphi

FileVersion
1, 5, 0, 0

TimeStamp
2011:12:19 13:41:57+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
mininot.exe

ProductVersion
1, 5, 0, 0

UninitializedDataSize
237568

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
shenturk.com

CodeSize
135168

ProductName
Mini Not

ProductVersionNumber
1.5.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Compressed bundles
File identification
MD5 507caf0826125f8ab1c3a36b5d67a62e
SHA1 1ec49d6232f4cf4f0a26d9014e44f7bdb44ad3cf
SHA256 5fed90535b3b0e87a2157b28a78bd49e68c4de5b6c9bcda3270659884c31a018
ssdeep
3072:SPzl1hFhXnTJqQUZ1Nft56psoM4EkaP8brbGMwppHkloW7u:SPzlNh3TJq7ZeM4yP8b/FwppHGF

authentihash 84baefbd79e86e44b962dda1f4d98e3d4ad1f489e8b929688401410900ec9077
imphash e5321cecbaa879fa386d951a96492fff
File size 153.0 KB ( 156672 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Win16/32 Executable Delphi generic (2.9%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-12-19 18:08:38 UTC ( 5 years, 12 months ago )
Last submission 2017-05-26 06:40:05 UTC ( 6 months, 3 weeks ago )
File names mininot.exe
MiniNot.exe
30364C56006B10196461022E90568900AF765E7C.exe
mininot.exe
DPYRNOYKXL-393.pms.exe.SVD
MiniNot.exe
MiniNot.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0714.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications