× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 73203bbf5ec449161b5ebb051a9fa0210baa73116d93819e487e2a78ba77d696
File name: 1.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-25 18:22:52 UTC ( 5 years, 4 months ago ) View latest
Antivirus Result Update
AhnLab-V3 20120625
AntiVir 20120625
Antiy-AVL 20120625
Avast 20120625
AVG 20120625
BitDefender 20120625
ByteHero 20120618
CAT-QuickHeal 20120625
ClamAV 20120625
Commtouch 20120625
Comodo 20120625
DrWeb 20120625
Emsisoft 20120625
eSafe 20120624
F-Prot 20120625
F-Secure 20120625
Fortinet 20120625
GData 20120625
Ikarus 20120625
Jiangmin 20120625
K7AntiVirus 20120625
Kaspersky 20120625
McAfee 20120625
McAfee-GW-Edition 20120625
Microsoft 20120625
NOD32 20120625
Norman 20120625
nProtect 20120625
Panda 20120625
PCTools 20120625
Rising 20120621
Sophos AV 20120625
SUPERAntiSpyware 20120624
Symantec 20120625
TheHacker 20120625
TotalDefense 20120625
TrendMicro 20120625
TrendMicro-HouseCall 20120625
VBA32 20120625
VIPRE 20120625
ViRobot 20120625
VirusBuster 20120625
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2009

Product AutoHotkey_L
Original name AutoHotkey.exe
Internal name AutoHotkey_L
File version 1, 0, 48, 05
Description AutoHotkey_L
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-09-04 01:21:43
Entry Point 0x000C3EE0
Number of sections 3
PE sections
PE imports
RegCloseKey
GetOpenFileNameW
BitBlt
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
SysAllocString
DragFinish
VerQueryValueW
mixerOpen
gethostbyaddr
CoGetObject
Number of PE resources by type
RT_ICON 16
RT_GROUP_ICON 8
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 29
PE resources
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.48.5

UninitializedDataSize
487424

LanguageCode
English (U.S.)

FileFlagsMask
0x0017

CharacterSet
Unicode

InitializedDataSize
28672

EntryPoint
0xc3ee0

OriginalFileName
AutoHotkey.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2009

FileVersion
1, 0, 48, 05

TimeStamp
2010:09:04 02:21:43+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
AutoHotkey_L

ProductVersion
1, 0, 48, 05

FileDescription
AutoHotkey_L

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
315392

ProductName
AutoHotkey_L

ProductVersionNumber
1.0.48.5

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 5db7bad1443f93a205dc01789fcb8cb7
SHA1 df388d38cce69633f950af1a497d9531d8367f25
SHA256 73203bbf5ec449161b5ebb051a9fa0210baa73116d93819e487e2a78ba77d696
ssdeep
6144:03fNBB19IUNg+p1knhwBv9NC0Ou36fxXACGLomGhDPvQllcDLVvPWtHIIM:0V/15iG1+W00MXNlNxscvVu6

authentihash 37bb54e1978f492324ee24065d791c07aeac5c4c503b3c92f1355e1a42557169
imphash ac744ca1c17d0f40b3d27ef052f613c0
File size 332.0 KB ( 339968 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx

VirusTotal metadata
First submission 2010-12-24 02:36:26 UTC ( 6 years, 11 months ago )
Last submission 2017-11-08 11:19:53 UTC ( 1 week, 3 days ago )
File names s.exe
1.exe
1.exe
AutoHotkey_L
s.exe
s.exe
AutoHotkey.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!