SHA256: 6be9603316045e51b4b0a1fba90bc011aee14689f05659a50b2060c51d330ea1
File name: mspass.exe
Detection ratio: 26 / 43
Analysis date: 2011-05-31 17:27:44 UTC ( 3 years, 1 month ago )
Antivirus Result Update
AhnLab-V3 Win-AppCare/emkfbotsvboo.66560 20110531
Avast5 Win32:PSWtool-N 20110531
BitDefender Gen:Application.Heur.emKfbOTSvboO 20110531
CAT-QuickHeal Trojan.Provis.rts 20110531
Commtouch W32/Pwstool.E 20110531
Comodo ApplicUnsaf.Win32.PSWTool.Messen.SG 20110531
DrWeb Tool.PassView.356 20110531
Emsisoft Riskware.Win32.MPass.A!A2 20110531
F-Prot W32/Pwstool.E 20110530
F-Secure Gen:Application.Heur.emKfbOTSvboO 20110531
Fortinet HackerTool/Swizzor 20110531
GData Gen:Application.Heur.emKfbOTSvboO 20110531
McAfee Generic.dx!vbr 20110531
McAfee-GW-Edition Generic.dx!vbr 20110531
Microsoft Trojan:Win32/Provis!rts 20110531
NOD32 a variant of Win32/MPass.A 20110531
Norman W32/Suspicious_Gen2.EWCLX 20110530
PCTools SecurityRisk.PasswordRevealer 20110519
Sophos Messen 20110531
Symantec PasswordRevealer 20110531
TrendMicro TROJ_SPNR.03CG11 20110531
TrendMicro-HouseCall TROJ_SPNR.03CG11 20110531
VIPRE Trojan.Win32.Generic!BT 20110531
VirusBuster Trojan.MPass!1PGonM5B1cc 20110531
eSafe Win32.PasswordReveal 20110531
nProtect Gen:Application.Heur.emKfbOTSvboO 20110531
AVG 20110531
AntiVir 20110531
Antiy-AVL 20110531
Avast 20110531
ClamAV 20110531
Ikarus 20110531
Jiangmin 20110530
K7AntiVirus 20110531
Kaspersky 20110531
Panda 20110531
Prevx 20110531
Rising 20110531
SUPERAntiSpyware 20110531
TheHacker 20110531
VBA32 20110531
ViRobot 20110531
eTrust-Vet 20110531
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright © 2004 - 2010 Nir Sofer

Publisher NirSoft
Product MessenPass
Original name mspass.exe
Internal name MessenPass
File version 1.40
Description Instant Messengers Password Recovery
Packers identified
Command UPX
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-11-28 08:43:16
Link date 9:43 AM 11/28/2010
Entry Point 0x00022AA0
Number of sections 3
PE sections
PE imports
RegEnumKeyA
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SHGetMalloc
GetSaveFileNameA
CoInitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 4
RT_BITMAP 4
RT_ICON 2
RT_MENU 2
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
HEBREW DEFAULT 11
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 8192
ImageVersion 0.0
ProductName MessenPass
FileVersionNumber 1.4.0.155
UninitializedDataSize 77824
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
OriginalFilename mspass.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.4
TimeStamp 2010:11:28 09:43:16+01:00
FileType Win32 EXE
PEType PE32
InternalName MessenPass
FileAccessDate 2014:05:29 20:16:44+01:00
ProductVersion 1.4
FileDescription Instant Messengers Password Recovery
OSVersion 4.0
FileCreateDate 2014:05:29 20:16:44+01:00
FileOS Windows NT 32-bit
LegalCopyright Copyright 2004 - 2010 Nir Sofer
MachineType Intel 386 or later, and compatibles
CompanyName NirSoft
CodeSize 61440
FileSubtype 0
ProductVersionNumber 1.4.0.152
EntryPoint 0x22aa0
ObjectFileType Executable application

File identification
MD5 3f40a7ed3a5ee04bb43d43bd94823e72
SHA1 0b2995e1fee683b2706e9299e320d4fd6b09f98d
SHA256 6be9603316045e51b4b0a1fba90bc011aee14689f05659a50b2060c51d330ea1
ssdeep 1536:SvykpOZ0MU7EkLNPijjr7RpVQ8VX6B+EEYkrq3sJOZmI1V:SqkpQ0/7EkLNGf7RE8R6CYkG9mIr
imphash 292a26776584a4b8d055ee3c3909a9e3
File size 65.0 KB ( 66560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (35.8%)
Win32 EXE Yoda's Crypter (31.1%)
Windows Screen Saver (15.3%)
Win32 Dynamic Link Library (generic) (7.7%)
Win32 Executable (generic) (5.2%)
Tags peexe upx
VirusTotal metadata
First submission 2010-11-29 13:00:10 UTC ( 3 years, 7 months ago )
Last submission 2014-05-29 19:16:42 UTC ( 1 month, 1 week ago )
File names smona129103509515660660658
mspass.exe
smona130796022356484059489
sample ._DONTEXECUTE
smona131505830523654036191
smona130609399692111889477
file-1595127_exe
6a3dff48ae3b18dc3fa2dc05948cb700_mspass.exe.safe
0b2995e1fee683b2706e9299e320d4fd6b09f98d.bin
MessenPass
smona132725612026187019535
1.exe
vt-upload-0bqv4
3F40A7ED3A5EE04BB43D43BD94823E72
smona131824602368696054002
pwd.exe
file-3562691_exe
pwd.ex
2BDFFAA1000D44A404110199D6743D00EDC2441D.exe
3f40a7ed3a5ee04bb43d43bd94823e72
smona131695346924133325752
pwd.exe_
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
