SHA256: 6ba7c4fd479b89b9f88306e15ea1de59ea0ab0059eead2f92ab6ed62f789e7f7
File name: junior-icon-editor.exe
Detection ratio: 0 / 51
Analysis date: 2014-02-05 03:23:29 UTC (1 year, 1 month ago)
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
AVG 20140204
Ad-Aware 20140205
AegisLab 20140205
Agnitum 20140204
AhnLab-V3 20140204
AntiVir 20140205
Antiy-AVL 20140204
Avast 20140205
Baidu-International 20140204
BitDefender 20140205
Bkav 20140125
ByteHero 20140205
CAT-QuickHeal 20140204
CMC 20140122
ClamAV 20140205
Commtouch 20140205
Comodo 20140204
DrWeb 20140205
ESET-NOD32 20140205
Emsisoft 20140205
F-Prot 20140204
F-Secure 20140205
Fortinet 20140205
GData 20140205
Ikarus 20140205
Jiangmin 20140204
K7AntiVirus 20140204
K7GW 20140204
Kaspersky 20140205
Kingsoft 20140205
Malwarebytes 20140205
McAfee 20140205
McAfee-GW-Edition 20140205
MicroWorld-eScan 20140205
Microsoft 20140205
NANO-Antivirus 20140205
Norman 20140204
Panda 20140204
Qihoo-360 20140205
Rising 20140204
SUPERAntiSpyware 20140204
Sophos 20140205
Symantec 20140205
TheHacker 20140204
TotalDefense 20140205
TrendMicro 20140205
TrendMicro-HouseCall 20140205
VBA32 20140203
VIPRE 20140205
ViRobot 20140204
nProtect 20140204
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright © 2013 SibCode
Publisher SibCode
Product junior icon editor
Original name junior-icon-editor.exe
Internal name junior-icon-editor
File version 4.33
Description junior icon editor Setup
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-01-31 17:44:13
Link date 6:44 PM 1/31/2011
Entry Point 0x00001D20
Number of sections 5
PE sections
PE imports
GetLastError
lstrlenA
GetFileAttributesA
FreeLibrary
ExitProcess
GetModuleFileNameA
LoadLibraryA
GetStartupInfoA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetProcAddress
CreateMutexA
GetTempPathA
GetModuleHandleA
lstrcmpA
lstrcpyA
CloseHandle
WriteFile
VirtualFree
CreateFileA
VirtualAlloc
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_exit
_initterm
__set_app_type
wsprintfA
MessageBoxA
Number of PE resources by type
RT_DIALOG 11
RT_ICON 6
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
NEUTRAL 5
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 126976
ImageVersion 0.0
ProductName junior icon editor
FileVersionNumber 4.33.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unknown (01B5)
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 4.33
TimeStamp 2011:01:31 18:44:13+01:00
FileType Win32 EXE
PEType PE32
InternalName junior-icon-editor
ProductVersion 4.33
FileDescription junior icon editor Setup
OSVersion 4.0
OriginalFilename junior-icon-editor.exe
LegalCopyright Copyright 2013 SibCode
MachineType Intel 386 or later, and compatibles
CompanyName SibCode
CodeSize 4096
FileSubtype 0
ProductVersionNumber 4.33.0.0
EntryPoint 0x1d20
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 716159b3bcd686a25c052034ab20032f
SHA1 a0ab623b8232138eb0991db09d50277cf8abe913
SHA256 6ba7c4fd479b89b9f88306e15ea1de59ea0ab0059eead2f92ab6ed62f789e7f7
ssdeep 98304:dQhbB9XzOP+hgyGqATgmcGn4A6mzi7/+O9veyjIyTKrkH/23bnw5Jbq2Oop8J:dOS+XNw4fT+O990W/Gn4LE
authentihash a5328178a696f5a5091baebe2810462d672b3dd10a70305a166eabe782d4913f
imphash d221b1dc8c3a08622f6512e7876527c8
File size 5.6 MB ( 5919986 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe software-collection armadillo via-tor
VirusTotal metadata
First submission 2013-12-21 19:11:48 UTC ( 1 year, 3 months ago )
Last submission 2015-03-15 12:06:01 UTC ( 2 weeks, 1 day ago )
File names cfebc9afa6adb0353ac0daf2562927d3f0a9ce25
junior-icon-editor.exe
junior-icon-editor.exe
junior-icon-editor
SibCode Junior Icon Editor_4.33.exe
Junior Icon Editor_4.33.exe
junior-icon-editor.exe
junior-icon-editor-4-32-en-win.exe
junior-icon-editor.exe
myfile
junior-icon-editor.exe
junior-icon-editor.exe
file-6493385_exe
Junior Icon Editor is free software now! - junior-icon-editor.exe
Junior Icon Editor.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Set keys
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.