SHA256: 71b14207949837747f384ef0f8dad6e4a025ec4126808a87fe195222a96acd8b
File name: 237d3da7dd38ab10fbf7fcc7848c6b5e
Detection ratio: 23 / 41
Analysis date: 2011-04-15 05:08:33 UTC ( 7 years, 10 months ago )
| Antivirus | Result | Update |
|---|---|---|
| AhnLab-V3 | Adware/Win32.Zwangi | 20110415 |
| AntiVir | TR/BHO.Zwangi.946 | 20110415 |
| Avast5 | Win32:Zwangi-AP | 20110414 |
| AVG | OneStepSearcher.P | 20110414 |
| BitDefender | Application.Generic.353824 | 20110415 |
| CAT-QuickHeal | BrowserModifier.Zwangi (Not a Virus) | 20110415 |
| DrWeb | Trojan.Searcher.246 | 20110415 |
| eSafe | Win32.TRCrypt.XPACK | 20110413 |
| F-Secure | Application.Generic.353824 | 20110415 |
| GData | Application.Generic.353824 | 20110415 |
| Ikarus | Gen.Variant.AdWare.Zwangi | 20110415 |
| Kaspersky | not-a-virus:AdWare.Win32.Zwangi.fip | 20110415 |
| McAfee | Adware-OneStep.l | 20110415 |
| McAfee-GW-Edition | Adware-OneStep.l | 20110415 |
| Microsoft | BrowserModifier:Win32/Zwangi | 20110414 |
| NOD32 | a variant of Win32/Adware.OneStep.Y | 20110415 |
| Norman | W32/Zwangi.V | 20110413 |
| Panda | Generic Malware | 20110414 |
| PCTools | Trojan.Gen | 20110414 |
| Symantec | Trojan.Gen.2 | 20110415 |
| VBA32 | AdWare.Zwangi.fip | 20110413 |
| VIPRE | Trojan.Win32.Generic!BT | 20110415 |
| VirusBuster | Adware.Zwangi!LRBjxwrtJgo | 20110414 |
| Antiy-AVL | | 20110414 |
| Avast | | 20110414 |
| ClamAV | | 20110415 |
| Commtouch | | 20110415 |
| Comodo | | 20110415 |
| eTrust-Vet | | 20110414 |
| F-Prot | | 20110414 |
| Fortinet | | 20110415 |
| Jiangmin | | 20110413 |
| K7AntiVirus | | 20110413 |
| Prevx | | 20110415 |
| Rising | | 20110414 |
| Sophos AV | | 20110415 |
| SUPERAntiSpyware | | 20110414 |
| TheHacker | | 20110413 |
| TrendMicro | | 20110415 |
| TrendMicro-HouseCall | | 20110415 |
| ViRobot | | 20110415 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Signing date 20:23 30/03/2011
PE header basic information
Number of sections 5
PE sections
PE imports
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
(1 more function(s) imported by ordinal)
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
lstrcmpiA
CopyFileA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
ExitProcess
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
wsprintfA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleInitialize
OleUninitialize
CoCreateInstance
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2007:02:17 13:48:44+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
23552

LinkerVersion
6.0

EntryPoint
0x32ce

InitializedDataSize
122368

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
1024

File identification
MD5 237d3da7dd38ab10fbf7fcc7848c6b5e
SHA1 b722bf829f3c46fd20a3cf4f7f9f78ee2d766c8e
SHA256 71b14207949837747f384ef0f8dad6e4a025ec4126808a87fe195222a96acd8b
ssdeep
12288:/aATcE4FMqxbeFKB0IJU7G3ZzMpJ+Jjru/Z0ZV5s43Opu301i+UXI:/hTcEq18E7ZpzuGZV5s43OA04+n

File size 706.8 KB ( 723792 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags
signed

VirusTotal metadata
First submission 2011-03-31 18:26:52 UTC ( 7 years, 10 months ago )
Last submission 2011-04-15 05:08:33 UTC ( 7 years, 10 months ago )
File names aa
803274
802873
237d3da7dd38ab10fbf7fcc7848c6b5e
browserseek-setup.exe
6fCfAEyBW.txt
file-2046121_exe
Behaviour characterization