SHA256: 6681a195f420ee962c6fae41ed82522182cf5417a958f0ea9f3717b4b4f6a60a
File name: 438534
Detection ratio: 0 / 56
Analysis date: 2016-01-11 01:17:22 UTC ( 3 years, 4 months ago )
Antivirus Result Update
Ad-Aware 20160111
AegisLab 20160110
Yandex 20160108
AhnLab-V3 20160110
Alibaba 20160109
ALYac 20160111
Antiy-AVL 20160110
Arcabit 20160111
Avast 20160111
AVG 20160111
Avira (no cloud) 20160110
AVware 20160110
Baidu-International 20160110
BitDefender 20160111
Bkav 20160109
ByteHero 20160111
CAT-QuickHeal 20160109
ClamAV 20160110
CMC 20160107
Comodo 20160111
Cyren 20160111
DrWeb 20160111
Emsisoft 20160111
ESET-NOD32 20160111
F-Prot 20160111
F-Secure 20160108
Fortinet 20160110
GData 20160111
Ikarus 20160110
Jiangmin 20160111
K7AntiVirus 20160110
K7GW 20160110
Kaspersky 20160111
Malwarebytes 20160111
McAfee 20160111
McAfee-GW-Edition 20160111
Microsoft 20160110
eScan 20160111
NANO-Antivirus 20160111
nProtect 20160108
Panda 20160110
Qihoo-360 20160111
Rising 20160110
Sophos AV 20160111
SUPERAntiSpyware 20160111
Symantec 20160110
Tencent 20160111
TheHacker 20160107
TotalDefense 20160110
TrendMicro 20160111
TrendMicro-HouseCall 20160111
VBA32 20160107
VIPRE 20160111
ViRobot 20160110
Zillya 20160110
Zoner 20160110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-05-23 13:28:20
Entry Point 0x00054112
Number of sections 4
PE sections
Overlays
MD5 8a21952535e632abb17aa4cabc63e498
File type data
Offset 540672
Size 740474
Entropy 8.00
PE imports
RegDeleteKeyA
CloseServiceHandle
RegCloseKey
OpenServiceA
CreateServiceA
QueryServiceStatus
RegQueryValueExA
RegSetValueExA
ControlService
RegDeleteValueA
RegCreateKeyExA
DeleteService
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_Create
InitCommonControlsEx
ImageList_Add
AddFontResourceA
SetMapMode
CreatePen
TextOutA
CreateFontIndirectA
GetTextMetricsA
GetPixel
GetDeviceCaps
LineTo
DeleteDC
SetBkMode
EndDoc
StartPage
BitBlt
SetTextColor
GetObjectA
GetOutlineTextMetricsA
MoveToEx
GetStockObject
CreateCompatibleDC
StretchBlt
EndPage
RemoveFontResourceA
SelectObject
GetTextExtentPoint32A
CreateSolidBrush
GetTextExtentPointA
SetBkColor
DeleteObject
StartDocA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetTempPathA
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
FreeLibrary
LocalFree
MoveFileA
ResumeThread
GetEnvironmentVariableA
FindClose
TlsGetValue
OutputDebugStringA
SetLastError
GetSystemTime
InitializeCriticalSection
LocalLock
CopyFileA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
GetVolumeInformationA
GetPrivateProfileStringA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetFilePointer
GlobalMemoryStatus
CreateThread
SetUnhandledExceptionFilter
GetSystemDirectoryA
MoveFileExA
SetEnvironmentVariableA
GetDiskFreeSpaceExA
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
IsBadWritePtr
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetCPInfo
GetProcAddress
CompareStringW
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
FindNextFileA
TerminateProcess
ExpandEnvironmentStringsA
GetTimeZoneInformation
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LocalUnlock
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
lstrlenA
LCMapStringA
GetEnvironmentStringsW
RemoveDirectoryA
GetShortPathNameA
GetEnvironmentStrings
CompareFileTime
WritePrivateProfileStringA
SetFileTime
lstrlenW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
SuspendThread
RaiseException
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetVersion
CreateProcessA
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
GetOEMCP
VarUI1FromStr
VarBstrFromI4
VarI2FromDate
VarR4FromI4
SysAllocString
SysStringByteLen
VarI2FromStr
VarI4FromI1
VarI4FromI2
VarDateFromBool
VarBoolFromI4
VariantInit
VarI4FromR4
VarBstrFromI2
VarBstrFromI1
VarDateFromR4
VarI4FromStr
VarI4FromDate
VarBstrFromDate
VarDateFromR8
VarBstrFromUI1
VarBstrFromUI2
VarUI2FromDate
VarBstrFromUI4
VarDateFromStr
SysStringLen
VarDateFromI1
VarBoolFromStr
VarDateFromI4
VarI4FromR8
VarBoolFromDate
VarR4FromStr
SysFreeString
VarI1FromDate
VarR8FromI4
VarBstrFromR8
VarR8FromDate
VarI1FromI4
VarUI4FromStr
VarUI4FromDate
VarUI2FromI4
VarBstrFromBool
VarR8FromStr
VarI4FromUI2
VarI4FromUI1
VarI4FromUI4
VarI4FromBool
VariantTimeToSystemTime
VarI2FromI4
SystemTimeToVariantTime
SysAllocStringLen
VarR4FromDate
VarUI1FromI4
VariantClear
SysAllocStringByteLen
VarUI1FromDate
VarUI4FromI4
VarBstrFromR4
VarI1FromStr
VarDateFromUI4
VarUI2FromStr
VarDateFromUI1
VarDateFromUI2
UuidCreate
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
RedrawWindow
RegisterClassA
GetParent
DrawTextA
GetScrollInfo
BeginPaint
CreateDialogIndirectParamA
DefWindowProcA
KillTimer
ScreenToClient
ShowWindow
GetNextDlgGroupItem
SetWindowPos
GetSystemMetrics
IsWindow
GetWindowRect
DispatchMessageA
EndPaint
SetDlgItemTextA
PostMessageA
MoveWindow
EnumChildWindows
GetDlgItemTextA
MessageBoxA
PeekMessageA
PostThreadMessageA
TranslateMessage
GetWindow
GetSysColor
EndDialog
SetScrollInfo
SetWindowLongA
GetCursorPos
ReleaseDC
GetDlgCtrlID
SetWindowTextA
UnregisterClassA
SendMessageA
GetClientRect
SetTimer
GetDlgItem
ClientToScreen
InvalidateRect
GetWindowLongA
CreateWindowExA
LoadCursorA
LoadIconA
GetMessageA
FillRect
IsDlgButtonChecked
GetDesktopWindow
LoadImageA
GetClassNameA
GetFocus
GetDC
EnableWindow
SetForegroundWindow
DestroyWindow
ExitWindowsEx
DialogBoxIndirectParamA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetSetFilePointer
InternetAttemptConnect
waveOutGetNumDevs
PlaySoundA
gethostname
socket
recv
send
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
GetOpenFileNameA
PrintDlgA
GetSaveFileNameA
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
StringFromCLSID
CoTaskMemFree
StringFromGUID2
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 3
RT_GROUP_CURSOR 1
RT_CURSOR 1
Number of PE resources by language
ENGLISH UK 13
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2002:05:23 15:28:20+02:00
FileType Win32 EXE
PEType PE32
CodeSize 417792
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 131072
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x54112
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 5c8bce7b9c9ca06b97766728392a5be9
SHA1 ece1250fe22ac212571a4b039bdd7e28fd4c66d8
SHA256 6681a195f420ee962c6fae41ed82522182cf5417a958f0ea9f3717b4b4f6a60a
ssdeep
24576:6reeH+y3dGTNmuZbO+Fr8P6oyu4Qqf1x7lf68ySugkp5840KyyfSv2AQZLP3Ai:z3hFr5FXtpfNkp59fbxZjwi

authentihash a533b36188b047101c2242c74ea29ccec37ffcbecf207cad7baec98360ff50c0
imphash 942ac4c9939603911f6d17d776d9945c
File size 1.2 MB ( 1281146 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (29.5%)
Win64 Executable (generic) (26.1%)
Microsoft Visual C++ compiled executable (generic) (15.6%)
Windows screen saver (12.4%)
Win32 Dynamic Link Library (generic) (6.2%)
Tags
peexe armadillo overlay

VirusTotal metadata
First submission 2009-02-09 16:55:56 UTC ( 10 years, 3 months ago )
Last submission 2016-03-19 02:00:26 UTC ( 3 years, 2 months ago )
File names 8891F81B7AD74C658CEC13690DB7D30083CD1E2B.exe
quick3D_Geo_4_setup.exe
downloadfile
quick3D-Geo-4-setup.exe
438534
1341974534-quick3D_Geo_4_setup.exe
6681A195F420EE962C6FAE41ED82522182CF5417A958F0EA9F3717B4B4F6A60A.exe
quick3d_geo_4_setup.exe
abc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight