SHA256: 6cfa0887b7dc4091ca59b6f90a9f58e0b4192ea033fc6e745bfdf6aba0c61541
File name: DeleteXP.exe
Detection ratio: 0 / 46
Analysis date: 2013-08-04 04:09:34 UTC ( 4 years, 8 months ago )
Antivirus Result Update
Yandex 20130804
AhnLab-V3 20130803
AntiVir 20130803
Antiy-AVL 20130802
Avast 20130804
AVG 20130803
BitDefender 20130804
ByteHero 20130724
CAT-QuickHeal 20130803
ClamAV 20130804
Commtouch 20130804
Comodo 20130804
DrWeb 20130804
Emsisoft 20130804
ESET-NOD32 20130803
F-Prot 20130804
F-Secure 20130804
Fortinet 20130804
GData 20130804
Ikarus 20130803
Jiangmin 20130803
K7AntiVirus 20130802
K7GW 20130802
Kaspersky 20130804
Kingsoft 20130723
Malwarebytes 20130803
McAfee 20130804
McAfee-GW-Edition 20130804
Microsoft 20130804
eScan 20130804
NANO-Antivirus 20130804
Norman 20130803
nProtect 20130803
Panda 20130803
PCTools 20130803
Rising 20130802
Sophos AV 20130804
SUPERAntiSpyware 20130803
Symantec 20130804
TheHacker 20130802
TotalDefense 20130802
TrendMicro 20130804
TrendMicro-HouseCall 20130804
VBA32 20130802
VIPRE 20130804
ViRobot 20130803
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Authenticode signature block and FileVersionInfo properties
Publisher Vishwak Solutions Pvt. Ltd.
Signature verification Signed file, verified signature
Signing date 5:13 AM 9/23/2004
Signers
[+] Vishwak Solutions Pvt. Ltd.
Status Certificate out of its validity period
Issuer None
Valid from 2:19 PM 4/15/2004
Valid to 2:19 PM 4/15/2005
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm MD5
Thumbprint 38803AD71C8DF1CA2E0233C50C71D64A521A1986
Serial number 1F DE 95
[+] Thawte Code Signing CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 8/6/2003
Valid to 12:59 AM 8/6/2013
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Serial number 0A
[+] thawte
Status Valid
Issuer None
Valid from 1:00 AM 8/1/1996
Valid to 12:59 AM 1/1/2021
Valid usage Server Auth, Code Signing
Algorithm MD5
Thumbprint 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Serial number 01
Counter signers
[+] VeriSign Time Stamping Services Signer
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2008
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint 817E78267300CB0FE5D631357851DB366123A690
Serial number 0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-09-22 16:01:35
Entry Point 0x00003CF2
Number of sections 3
PE sections
Overlays
MD5 7d3276b9e56d8129d23f3866267b6d3d
File type data
Offset 61440
Size 5904
Entropy 7.29
PE imports
GetLastError
ReadConsoleInputA
HeapFree
GetStdHandle
LCMapStringW
ReadFile
SetHandleCount
GetDriveTypeA
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
GetCurrentProcess
HeapCreate
GetEnvironmentStrings
GetConsoleMode
GetCurrentDirectoryA
UnhandledExceptionFilter
MultiByteToWideChar
HeapSize
IsBadCodePtr
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
IsBadReadPtr
SetStdHandle
GetModuleHandleA
RaiseException
WideCharToMultiByte
GetStringTypeA
SetFilePointer
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
TerminateProcess
GetEnvironmentVariableA
SetConsoleMode
VirtualFree
FindClose
GetFileType
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
SetCurrentDirectoryA
SHFileOperationA
GetDesktopWindow
CharUpperA
InvalidateRect
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:09:22 16:01:35+00:00
FileType Win32 EXE
PEType PE32
CodeSize 32768
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 28672
SubsystemVersion 4.0
EntryPoint 0x3cf2
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 596ce2f0c4f1c3146e3933fa5a6bed76
SHA1 475754fd97b6adbd0a5137d020d8e57b2824cacc
SHA256 6cfa0887b7dc4091ca59b6f90a9f58e0b4192ea033fc6e745bfdf6aba0c61541
ssdeep 768:P6AumRgVIORROOA0W5tVkgoJudr3nU3EoXM1KJRHnoLJ+5c+/:PyvCO7OMW1SJMroXMIJRHnolxy

authentihash ac67ff513f42a21cad7e5373259074cd6b1cb82d18a0bb7bdeb9a277ce604b06
imphash 33781ec8306975a4b352b58531662300
File size 65.8 KB ( 67344 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe armadillo signed overlay

VirusTotal metadata
First submission 2013-04-15 10:50:45 UTC ( 5 years ago )
Last submission 2013-08-04 04:09:34 UTC ( 4 years, 8 months ago )
File names DeleteXP.exe
6CFA0887B7DC4091CA59B6F90A9F58E0B4192EA033FC6E745BFDF6ABA0C61541.exe
DeleteXP.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications