SHA256: 6b20d33e98443022bf235d483f3dcbe607dfea9cf86f191489b730b8eb22e217
File name: i87645y3t23.exe
Detection ratio: 2 / 54
Analysis date: 2015-12-15 10:52:49 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20151215
Rising PE:Malware.XPACK-LNR/Heur!1.5594 [F] 20151215
Ad-Aware 20151215
AegisLab 20151215
Yandex 20151214
AhnLab-V3 20151215
Alibaba 20151208
ALYac 20151215
Antiy-AVL 20151215
Arcabit 20151215
Avast 20151215
AVG 20151215
AVware 20151215
Baidu-International 20151215
BitDefender 20151215
Bkav 20151214
ByteHero 20151215
CAT-QuickHeal 20151215
ClamAV 20151215
CMC 20151215
Comodo 20151215
Cyren 20151215
DrWeb 20151215
Emsisoft 20151215
ESET-NOD32 20151215
F-Prot 20151215
F-Secure 20151215
Fortinet 20151215
GData 20151215
Ikarus 20151215
Jiangmin 20151214
K7AntiVirus 20151215
K7GW 20151215
Kaspersky 20151215
Malwarebytes 20151215
McAfee 20151215
McAfee-GW-Edition 20151215
Microsoft 20151215
eScan 20151215
NANO-Antivirus 20151215
nProtect 20151215
Panda 20151213
Sophos AV 20151215
SUPERAntiSpyware 20151215
Symantec 20151214
Tencent 20151215
TheHacker 20151215
TrendMicro 20151215
TrendMicro-HouseCall 20151215
VBA32 20151214
VIPRE 20151215
ViRobot 20151215
Zillya 20151214
Zoner 20151215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft Corp.
Product Microsoft (R) Visual C++
Original name ATL.DLL
Internal name ATL
File version 3.05.2284
Description ATL Module for Windows XP (Unicode)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-08 06:13:23
Entry Point 0x00025500
Number of sections 14
PE sections
PE imports
LoadLibraryExA
SetConsoleCtrlHandler
GetSystemDefaultUILanguage
GetTempPathW
FreeConsole
FlushFileBuffers
GetProcAddress
SetFileShortNameW
wsprintfA
wsprintfW
wcslen
getwc
Number of PE resources by type
RT_STRING 2
TYPELIB 1
REGISTRY 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 2.24
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 3.5.2284.2
UninitializedDataSize 5632
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 90624
EntryPoint 0x25500
OriginalFileName ATL.DLL
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft Corp.
FileVersion 3.05.2284
TimeStamp 2018:07:08 07:13:23+01:00
FileType Win32 EXE
PEType PE32
InternalName ATL
ProductVersion 6.05.2284
FileDescription ATL Module for Windows XP (Unicode)
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 48128
ProductName Microsoft (R) Visual C++
ProductVersionNumber 6.5.0.2284
FileTypeExtension exe
ObjectFileType Dynamic link library

File identification
MD5 8b288305733214f8e0d95386d886af2d
SHA1 69907d5716a140df4977dc088af549e539d64221
SHA256 6b20d33e98443022bf235d483f3dcbe607dfea9cf86f191489b730b8eb22e217
ssdeep 1536:tfexHOUGMqKojNnY6McseYRMatPmFcQOrRocKCUohkMdWAEZz2w/mMvAcXE:4x33TojNzjseYRPmHOrKck8kMsrxm/
authentihash 90b7b073f7b1e84e5d61be85ab7f67a130e23d591404a25586b642f65f8a4cf0
imphash c99a659b72de533c8502c7d73096b74e
File size 145.5 KB ( 148992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2015-12-15 10:38:22 UTC ( 1 year, 10 months ago )
Last submission 2016-12-15 23:23:07 UTC ( 10 months ago )
File names ramamba.exe
8b288305733214f8e0d95386d886af2d.exe
ATL
i87645y3t23.exe
i87645y3t23
258870030864-9-4_1.i87645y3t23.exe
i87645y3t23_exe
i87645y3t23[1].exe_
ATL.DLL
ramamba.exe_
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections