SHA256: 6b01071c7936d4a1ba1f53b5651db5f604dfe7f5aa3e4ed38d48f6ba66eebd5e
File name: ab.exe
Detection ratio: 34 / 46
Analysis date: 2013-04-14 19:23:36 UTC ( 4 years ago )
Antivirus Result Update
Yandex Trojan.Rosena.Gen.1 20130414
AhnLab-V3 Trojan/Win32.Shell 20130414
AntiVir TR/Crypt.EPACK.Gen2 20130414
Avast Win32:SwPatch [Wrm] 20130414
AVG Win32/Heur 20130414
BitDefender Gen:Variant.Patched.2 20130414
CAT-QuickHeal Trojan.Swrort.A 20130414
Commtouch W32/Swrort.A.gen!Eldorado 20130414
Comodo TrojWare.Win32.Rozena.A 20130414
DrWeb Trojan.Swrort.1 20130414
Emsisoft Gen:Variant.Zusy.Elzob.8031 (B) 20130414
ESET-NOD32 a variant of Win32/Rozena.AS 20130414
F-Prot W32/Swrort.A.gen!Eldorado 20130414
F-Secure Gen:Variant.Zusy.Elzob.8031 20130414
Fortinet W32/Swrort.C!tr 20130414
GData Gen:Variant.Patched.2 20130414
Ikarus Trojan.Win32.Genome 20130414
K7AntiVirus Riskware 20130412
Kaspersky HEUR:Trojan.Win32.Generic 20130414
Malwarebytes Trojan.Swrort 20130414
McAfee Swrort.i 20130414
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.I 20130414
Microsoft Trojan:Win32/Swrort.A 20130414
eScan Gen:Variant.Patched.2 20130414
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc 20130414
Norman Swrort.S 20130414
PCTools HeurEngine.MaliciousPacker 20130414
Rising Hack.Swrort!22DC 20130412
Sophos Mal/Swrort-C 20130414
SUPERAntiSpyware Trojan.Backdoor-PoisonIvy 20130413
Symantec Packed.Generic.347 20130414
TrendMicro TROJ_SWRORT.SME 20130414
TrendMicro-HouseCall TROJ_SWRORT.SME 20130414
VIPRE Trojan.Win32.Swrort.B (v) 20130414
Antiy-AVL 20130414
ByteHero 20130412
ClamAV 20130414
eSafe 20130407
Jiangmin 20130414
Kingsoft 20130408
nProtect 20130414
Panda 20130414
TheHacker 20130414
TotalDefense 20130414
VBA32 20130412
ViRobot 20130414
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright 2009 The Apache Software Foundation.

Publisher Apache Software Foundation
Product Apache HTTP Server
Original name ab.exe
Internal name ab.exe
File version 2.2.14
Description ApacheBench command line utility
Comments Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-06-13 10:09:12
Entry Point 0x0000B5EA
Number of sections 4
PE sections
PE imports
FreeSid
AllocateAndInitializeSid
PeekNamedPipe
GetLastError
EnterCriticalSection
ReleaseMutex
FileTimeToSystemTime
GetOverlappedResult
GlobalFree
WaitForSingleObject
GetExitCodeProcess
SystemTimeToFileTime
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
SystemTimeToTzSpecificLocalTime
DeleteCriticalSection
GetCurrentProcess
FileTimeToLocalFileTime
GetCommandLineW
FreeEnvironmentStringsW
GetProcAddress
FormatMessageA
SetStdHandle
CreateMutexA
TlsFree
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemTimeAsFileTime
GetFileInformationByHandle
DuplicateHandle
SetHandleInformation
SetEvent
LocalFree
TerminateProcess
DeviceIoControl
GetTimeZoneInformation
InitializeCriticalSection
CreateFileW
CreateEventA
Sleep
GetFileType
CreateFileA
SetLastError
LeaveCriticalSection
strncmp
__p__fmode
malloc
__p__environ
realloc
fclose
__dllonexit
_controlfp
fprintf
printf
fflush
fopen
strncpy
_except_handler3
_errno
qsort
_onexit
wcslen
exit
_XcptFilter
_ftol
strrchr
__setusermatherr
__p__wenviron
_adjust_fdiv
_strdup
_close
strchr
_isctype
__p__commode
_pctype
free
__p___initenv
atoi
wcsncmp
__getmainargs
calloc
perror
_initterm
strstr
signal
strerror
wcscpy
strspn
modf
__mb_cur_max
_strnicmp
_exit
__set_app_type
_iob
WSARecv
WSASend
Ord(12)
Ord(3)
Ord(10)
Ord(23)
Ord(21)
Ord(111)
Ord(151)
Ord(7)
Ord(116)
Ord(4)
Ord(14)
Ord(115)
Ord(52)
Ord(18)
Ord(9)
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

InitializedDataSize
40960

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
2.2.14.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
ApacheBench command line utility

CharacterSet
Unicode

LinkerVersion
6.0

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright 2009 The Apache Software Foundation.

FileVersion
2.2.14

TimeStamp
2009:06:13 11:09:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ab.exe

FileAccessDate
2013:04:14 20:27:24+01:00

ProductVersion
2.2.14

UninitializedDataSize
0

OSVersion
4.0

FileCreateDate
2013:04:14 20:27:24+01:00

OriginalFilename
ab.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Apache Software Foundation

CodeSize
45056

ProductName
Apache HTTP Server

ProductVersionNumber
2.2.14.0

EntryPoint
0xb5ea

ObjectFileType
Executable application

File identification
MD5 333abc2f9864b70f7ef48b049cba9286
SHA1 49b5a96cafb9167a41bf0d54772689a8779d743f
SHA256 6b01071c7936d4a1ba1f53b5651db5f604dfe7f5aa3e4ed38d48f6ba66eebd5e
ssdeep 1536:I/pSEsEUloCkut07ZpWbihX0tFj1LafFL7sMb+KR0Nc8QsJq39:ApSQDuKTXOqtnse0Nc8QsC9

File size 72.1 KB ( 73802 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (13.4%)
Generic Win/DOS Executable (4.1%)
DOS Executable Generic (4.1%)
Tags
peexe

VirusTotal metadata
First submission 2013-04-14 19:23:36 UTC ( 4 years ago )
Last submission 2013-04-14 19:28:14 UTC ( 4 years ago )
File names ab.exe
333abc2f9864b70f7ef48b049cba9286
svchost.exe