× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6eaa8cd36e0820bbcee6ee6a9c271e78eba517db20dec92c4eb43cf6088d9449
File name: logout.exe
Detection ratio: 0 / 42
Analysis date: 2012-08-28 19:37:11 UTC ( 5 years, 2 months ago )
Antivirus Result Update
AhnLab-V3 20120827
AntiVir 20120828
Antiy-AVL 20120828
Avast 20120828
AVG 20120828
BitDefender 20120828
ByteHero 20120827
CAT-QuickHeal 20120828
ClamAV 20120828
Commtouch 20120828
Comodo 20120828
DrWeb 20120828
Emsisoft 20120828
eSafe 20120826
ESET-NOD32 20120828
F-Prot 20120827
F-Secure 20120828
Fortinet 20120828
GData 20120828
Ikarus 20120828
Jiangmin 20120828
K7AntiVirus 20120827
Kaspersky 20120828
McAfee 20120828
McAfee-GW-Edition 20120827
Microsoft 20120828
Norman 20120827
nProtect 20120827
Panda 20120828
PCTools 20120828
Rising 20120828
Sophos AV 20120828
SUPERAntiSpyware 20120828
Symantec 20120828
TheHacker 20120826
TotalDefense 20120827
TrendMicro 20120828
TrendMicro-HouseCall 20120828
VBA32 20120828
VIPRE 20120828
ViRobot 20120828
VirusBuster 20120828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-11-12 00:05:26
Entry Point 0x00001040
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
DebugBreak
IsBadReadPtr
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
HeapValidate
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
HeapCreate
VirtualFree
InterlockedDecrement
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
InterlockedIncrement
LoadAcceleratorsA
ExitWindowsEx
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1997:11:11 16:05:26-08:00

FileType
Win32 EXE

PEType
PE32

CodeSize
55808

LinkerVersion
5.2

EntryPoint
0x1040

InitializedDataSize
31744

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 e0f74b309ca24ad5d8c252b084fdd430
SHA1 d3f832813f740bea80f2622e3bbf498f9648d32f
SHA256 6eaa8cd36e0820bbcee6ee6a9c271e78eba517db20dec92c4eb43cf6088d9449
ssdeep
768:dOCEMS+XeqEYGyfPVqSpVhf10q4ueZoOec9Te9Cxub17WpGerRr0ySSTg1e:QhMNXeqEYf4St10J3z9a9kpGerRY2gs

File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
Tags
peexe installshield

VirusTotal metadata
First submission 2012-08-28 19:37:11 UTC ( 5 years, 2 months ago )
Last submission 2012-08-28 19:37:11 UTC ( 5 years, 2 months ago )
File names logout.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!