SHA256: 6307a60f2ada31c9bea047d116e5831acdd58e74a30eb59e8cf67121f4912355
File name: inst.exe
Detection ratio: 7 / 56
Analysis date: 2016-12-05 18:47:53 UTC ( 1 year ago )
Antivirus Result Update
AegisLab Heur.Advml.Gen!c 20161205
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20161205
CrowdStrike Falcon (ML) malicious_confidence_89% (W) 20161024
Sophos ML backdoor.win32.vawtrak.o 20161202
Kaspersky UDS:DangerousObject.Multi.Generic 20161205
Qihoo-360 HEUR/QVM20.1.A031.Malware.Gen 20161205
Symantec Heur.AdvML.B 20161205
Ad-Aware 20161205
AhnLab-V3 20161205
Alibaba 20161205
ALYac 20161205
Antiy-AVL 20161205
Arcabit 20161205
Avast 20161205
AVG 20161205
Avira (no cloud) 20161205
AVware 20161205
BitDefender 20161205
Bkav 20161205
CAT-QuickHeal 20161205
ClamAV 20161205
CMC 20161205
Comodo 20161205
Cyren 20161205
DrWeb 20161205
Emsisoft 20161205
ESET-NOD32 20161205
F-Prot 20161205
F-Secure 20161205
Fortinet 20161205
GData 20161205
Ikarus 20161205
Jiangmin 20161205
K7AntiVirus 20161205
K7GW 20161205
Kingsoft 20161205
Malwarebytes 20161205
McAfee 20161205
McAfee-GW-Edition 20161205
Microsoft 20161205
eScan 20161205
NANO-Antivirus 20161205
nProtect 20161205
Panda 20161205
Rising 20161205
Sophos AV 20161205
SUPERAntiSpyware 20161205
Tencent 20161205
TheHacker 20161130
TrendMicro 20161205
TrendMicro-HouseCall 20161205
Trustlook 20161205
VBA32 20161205
VIPRE 20161205
ViRobot 20161205
WhiteArmor 20161125
Yandex 20161205
Zillya 20161202
Zoner 20161205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2015 Baidu, Inc. All rights reserved.
Product Baidu PC Faster
Internal name Baidu PC Faster
File version 5,1,3,126471
Description Facebook Repair
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-06 04:49:39
Entry Point 0x0000648A
Number of sections 8
PE sections
PE imports
GetStockObject
GetSystemTime
GetLastError
WriteConsoleInputVDMA
TerminateThread
WriteConsoleInputA
GetExitCodeProcess
CreateTimerQueue
IsDebuggerPresent
DebugBreak
CallNamedPipeA
VirtualProtect
lstrcmpiW
LoadLibraryA
VerifyVersionInfoW
GetCurrentProcess
GetDateFormatA
GetWindowsDirectoryW
SetThreadPriority
AddAtomA
CreateDirectoryA
GetWindowsDirectoryA
EnumSystemLocalesW
SetProcessAffinityMask
CancelIo
GetCurrentThread
SuspendThread
CreateHardLinkA
WideCharToMultiByte
GetModuleHandleA
IsSystemResumeAutomatic
GetDiskFreeSpaceW
GlobalAddAtomA
FindResourceExW
DeleteAtom
GetTimeFormatA
IsProcessorFeaturePresent
GetCompressedFileSizeA
GetSystemTimes
SetThreadIdealProcessor
MoveFileExA
GetBinaryTypeA
GetCurrentDirectoryW
BuildCommDCBAndTimeoutsA
GetCommState
GetBinaryTypeW
RemoveLocalAlternateComputerNameW
Sleep
SetMailslotInfo
GetLocaleInfoW
GetCurrencyFormatW
CreateHardLinkW
CharPrevA
AnimateWindow
IntersectRect
SetMenuItemBitmaps
DlgDirListComboBoxW
SetClassLongW
BroadcastSystemMessageA
GetClassInfoExA
RegisterClassExW
GetShellWindow
FlashWindow
FlashWindowEx
SetClipboardViewer
GetClipboardViewer
HiliteMenuItem
MessageBoxW
GetWindowRect
InflateRect
BroadcastSystemMessageExA
MoveWindow
DdeKeepStringHandle
GetClipboardFormatNameW
RegisterDeviceNotificationW
FillRect
LoadCursorFromFileW
GetWindow
GetSysColor
SetActiveWindow
SetScrollInfo
RegisterClassExA
ReleaseDC
DdeInitializeA
LoadMenuA
GetIconInfo
LoadStringA
GetClassLongW
PtInRect
GetSystemMetrics
IsWindowEnabled
UnionRect
GetThreadDesktop
GetAltTabInfoW
LoadAcceleratorsA
FindWindowExA
LoadCursorA
LoadIconA
LoadStringW
GetKeyboardLayout
TranslateAcceleratorA
GetRawInputBuffer
GetFocus
GetTabbedTextExtentW
GetActiveWindow
CharNextW
GetMenuItemInfoW
SCardListInterfacesW
SCardForgetReaderW
SCardAddReaderToGroupW
SCardLocateCardsA
SCardRemoveReaderFromGroupA
SCardGetAttrib
SCardGetStatusChangeW
SCardForgetCardTypeW
SCardLocateCardsByATRA
SCardState
SCardGetCardTypeProviderNameW
SCardGetProviderIdW
SCardIsValidContext
SCardListInterfacesA
SCardReleaseContext
SCardListCardsW
SCardReleaseStartedEvent
SCardListReaderGroupsW
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 5.1.3.60935
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 173568
EntryPoint 0x648a
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2015 Baidu, Inc. All rights reserved.
FileVersion 5,1,3,126471
TimeStamp 2015:08:06 05:49:39+01:00
FileType Win32 EXE
PEType PE32
InternalName Baidu PC Faster
ProductVersion 5,1,3,126471
FileDescription Facebook Repair
OSVersion 6.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Baidu, Inc.
CodeSize 27648
ProductName Baidu PC Faster
ProductVersionNumber 5.1.3.60935
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 9b4bbc8f7f9bfbbbf102ce01fe47e70d
SHA1 b47abf0283be9dfce50793e4653bb8af38d46a93
SHA256 6307a60f2ada31c9bea047d116e5831acdd58e74a30eb59e8cf67121f4912355
ssdeep 3072:Bpg8kcQmmZzeH3/OGHiKFAefrD61Ig45Fy9aQANk:Bpg8jHWGHb6ef6yfGa3
authentihash cf2c2ec0dfaac682f4941c21a5eb3543b5587b4a78c26122e1820937f39994da
imphash 68f54710cb8d20d8e087f8f4517d4b7f
File size 209.5 KB ( 214528 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2016-12-05 15:44:23 UTC ( 1 year ago )
Last submission 2017-08-21 18:16:27 UTC ( 3 months, 4 weeks ago )
File names inst.exe
b47abf0283be9dfce50793e4653bb8af38d46a93
B47ABF0283BE9DFCE50793E4653BB8AF38D46A93.dat
abc8cb9ca35161f5e7822ab6204b0e02
Baidu PC Faster
inst.com
Padve.exe
output.104739074.txt
Xihze.exe
6307a60f2ada31c9bea047d116e5831acdd58e74a30eb59e8cf67121f4912355
Feblit.exe
458_11_07_2016_15_34_40_inst.exe.malware.MRG
b47abf0283be9dfce50793e4653bb8af38d46a93.exe
9b4bbc8f7f9bfbbbf102ce01fe47e70d.exe
994c3187447f13d195a79838ced46111
b47abf0283be9dfce50793e4653bb8af38d46a93