SHA256: 6426b14c18801f3b3aa78763dceffc1ded65bfb5bcde6ff036ab1c8f823dd2c2
File name: 11482006
Detection ratio: 0 / 55
Analysis date: 2015-10-08 23:56:35 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware 20151009
AegisLab 20151008
Yandex 20151008
AhnLab-V3 20151008
Alibaba 20151008
ALYac 20151009
Antiy-AVL 20151009
Arcabit 20151009
Avast 20151009
AVG 20151009
Avira (no cloud) 20151009
AVware 20151008
Baidu-International 20151008
BitDefender 20151009
Bkav 20151008
ByteHero 20151009
CAT-QuickHeal 20151008
ClamAV 20151009
CMC 20151008
Comodo 20151009
Cyren 20151009
DrWeb 20151009
Emsisoft 20151009
ESET-NOD32 20151009
F-Prot 20151009
F-Secure 20151008
Fortinet 20151009
GData 20151009
Ikarus 20151008
K7AntiVirus 20151008
K7GW 20151008
Kingsoft 20151009
Malwarebytes 20151008
McAfee 20151009
McAfee-GW-Edition 20151008
Microsoft 20151008
eScan 20151009
NANO-Antivirus 20151008
nProtect 20151008
Panda 20151008
Qihoo-360 20151009
Rising 20151008
Sophos AV 20151008
SUPERAntiSpyware 20151008
Symantec 20151006
Tencent 20151009
TheHacker 20151008
TotalDefense 20151009
TrendMicro 20151009
TrendMicro-HouseCall 20151009
VBA32 20151008
VIPRE 20151009
ViRobot 20151009
Zillya 20151008
Zoner 20151008
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Install Stub 32-bit
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1999-10-06 10:33:39
Entry Point 0x00001020
Number of sections 7
PE sections
Overlays
MD5 9b4ac2f73f031b531ed5d47ca9eecee4
File type data
Offset 7680
Size 9859491
Entropy 8.00
PE imports
lstrlenA
FreeLibrary
ExitProcess
GetModuleFileNameA
LoadLibraryA
GetWindowsDirectoryA
lstrcatA
DeleteFileA
GetCurrentDirectoryA
GetProcAddress
GetModuleHandleA
GetTempPathA
CompareStringA
SetFilePointer
ReadFile
WriteFile
CloseHandle
lstrcpyA
VirtualFree
CreateFileA
VirtualAlloc
InterlockedIncrement
wsprintfA
LoadCursorA
MessageBoxA
FindWindowA
ShowWindow
SetCursor
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1999:10:06 11:33:39+01:00
FileType Win32 EXE
PEType PE32
CodeSize 2560
LinkerVersion 3.0
FileTypeExtension exe
InitializedDataSize 4608
SubsystemVersion 4.0
EntryPoint 0x1020
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 e8f0e28f7c80dbf6d25f6d0e51ed8daf
SHA1 9d44b3734380594cef791009103b9555843b8383
SHA256 6426b14c18801f3b3aa78763dceffc1ded65bfb5bcde6ff036ab1c8f823dd2c2
ssdeep 196608:qsqyk+dE0ajUsa17cxQsaddgsKgC5drjvacQL+5lMqd6aYgAYKMctlcFH8:qKkMcUrLdgtzrjxflvd601KMc9
authentihash 1132a298ed895f3a1761048ecc778d0fd2d3565996b2126ef720b786c0d73b14
imphash a3cd138f09c17f81fb64526d63cb2df6
File size 9.4 MB ( 9867171 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (50.1%)
Win64 Executable (generic) (32.2%)
Win32 Dynamic Link Library (generic) (7.6%)
Win32 Executable (generic) (5.2%)
Generic Win/DOS Executable (2.3%)
Tags installstub peexe overlay
VirusTotal metadata
First submission 2010-10-14 11:57:36 UTC ( 6 years, 11 months ago )
Last submission 2014-05-26 13:50:47 UTC ( 3 years, 3 months ago )
File names mfdkutuphaneprogrami.exe
output.11482006.txt
kHD3d.gif
11482006
octet-stream
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Runtime DLLs
UDP communications