SHA256: 72d7e6e0fb3b30e9520fea6e613bc87a039d31bc751f67b2fb00fbebeb2dc01d
File name: ATLX2372013.exe
Detection ratio: 5 / 47
Analysis date: 2013-09-12 22:33:27 UTC ( 5 years ago )
Antivirus Result Update
Yandex Packed/PECompact 20130912
AntiVir TR/ATRAPS.Gen 20130912
AVG KillAV.CRY 20130912
ESET-NOD32 a variant of Win32/AntiAV.NIJ 20130912
Jiangmin TrojanSpy.Banker.gsh 20130903
AhnLab-V3 20130912
Antiy-AVL 20130912
Avast 20130912
Baidu-International 20130912
BitDefender 20130912
ByteHero 20130903
CAT-QuickHeal 20130912
ClamAV 20130912
Commtouch 20130912
Comodo 20130912
DrWeb 20130912
Emsisoft 20130912
F-Prot 20130912
F-Secure 20130912
Fortinet 20130912
GData 20130912
Ikarus 20130912
K7AntiVirus 20130912
K7GW 20130912
Kaspersky 20130912
Kingsoft 20130829
Malwarebytes 20130912
McAfee 20130912
McAfee-GW-Edition 20130912
Microsoft 20130912
eScan 20130912
NANO-Antivirus 20130911
Norman 20130912
nProtect 20130912
Panda 20130912
PCTools 20130912
Rising 20130912
Sophos AV 20130912
SUPERAntiSpyware 20130912
Symantec 20130912
TheHacker 20130912
TotalDefense 20130912
TrendMicro 20130912
TrendMicro-HouseCall 20130912
VBA32 20130912
VIPRE 20130912
ViRobot 20130912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx (Slim Loader) --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
RegQueryValueExA
ImageList_SetIconSize
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
WNetGetUniversalNameA
CoTaskMemFree
SysFreeString
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_STRING 18
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 3
RT_DIALOG 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 48
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 507904
LinkerVersion 2.25
EntryPoint 0x1000
InitializedDataSize 81408
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 41623ee528b8701692925e32aa6d5a84
SHA1 0245056a18b2067fc6780f595c8afdb25d8a9909
SHA256 72d7e6e0fb3b30e9520fea6e613bc87a039d31bc751f67b2fb00fbebeb2dc01d
ssdeep 6144:t1s4wBiHeVuK+d87breiASYVhxIJlDptyu:tukH4uKR7bKbd/SQu
authentihash 5857f57a0ee9710b4dca1790599566e4a5a27d30c5e346a83e099b054dc65c9c
imphash e9f18f14926ca74107d89f0d7004c59f
File size 207.5 KB ( 212480 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags pecompact peexe
VirusTotal metadata
First submission 2013-09-12 22:33:27 UTC ( 5 years ago )
Last submission 2018-03-24 01:16:34 UTC ( 6 months ago )
File names ATLX2372013
ATLX2372013.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.