× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 74a163c249e0092894a9828b1e8f61c9b5108b3b31dd8cdac7e1cac6eed747a2
File name: ephpod277.exe
Detection ratio: 0 / 68
Analysis date: 2018-01-06 11:41:01 UTC ( 1 week, 4 days ago ) View latest
Antivirus Result Update
Ad-Aware 20180106
AegisLab 20180105
AhnLab-V3 20180106
Alibaba 20180105
ALYac 20180106
Antiy-AVL 20180106
Arcabit 20180106
Avast 20180106
Avast-Mobile 20180105
AVG 20180106
Avira (no cloud) 20180106
AVware 20180103
Baidu 20180105
BitDefender 20180106
Bkav 20180106
CAT-QuickHeal 20180105
ClamAV 20180106
CMC 20180106
Comodo 20180106
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cylance 20180106
Cyren 20180106
DrWeb 20180106
eGambit 20180106
Emsisoft 20180106
Endgame 20171130
ESET-NOD32 20180106
F-Prot 20180106
F-Secure 20180106
Fortinet 20180106
GData 20180106
Ikarus 20180106
Sophos ML 20170914
Jiangmin 20180106
K7AntiVirus 20180106
K7GW 20180106
Kaspersky 20180106
Kingsoft 20180106
Malwarebytes 20180106
MAX 20180106
McAfee 20180102
McAfee-GW-Edition 20180106
Microsoft 20180106
eScan 20180106
NANO-Antivirus 20180106
nProtect 20180106
Palo Alto Networks (Known Signatures) 20180106
Panda 20180106
Qihoo-360 20180106
Rising 20180106
SentinelOne (Static ML) 20171224
Sophos AV 20180106
SUPERAntiSpyware 20180106
Symantec 20180106
Tencent 20180106
TheHacker 20180103
TotalDefense 20180106
TrendMicro 20180106
TrendMicro-HouseCall 20180106
Trustlook 20180106
VBA32 20180105
VIPRE 20180106
ViRobot 20180106
Webroot 20180106
WhiteArmor 20171226
Yandex 20171229
Zillya 20180105
ZoneAlarm by Check Point 20180106
Zoner 20180106
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2001, 2002

File version 1.0
Description EphPod - Use your iPod on Windows
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-04-25 14:37:12
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 dd93b2145666b283d793576bcabb7d64
File type data
Offset 14848
Size 3733696
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0

TimeStamp
2000:04:25 15:37:12+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
EphPod - Use your iPod on Windows

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
2001, 2002

MachineType
Intel 386 or later, and compatibles

CompanyName
Joe Masters

CodeSize
8704

FileSubtype
0

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
File identification
MD5 b9c5899b702cb97dcbff51068ff620b4
SHA1 bd03d3d71be3d5d873f542b3914a40850885ff06
SHA256 74a163c249e0092894a9828b1e8f61c9b5108b3b31dd8cdac7e1cac6eed747a2
ssdeep
98304:+/pHNDv5xHJv4gzsB/AMKrXBLRm+9SSwIji5KeC0f+JsBVKFSSw6RjS:+hxBxHadiM6xtJW5KlZO3KFSSXRG

authentihash cdd78fda95b62d7a6dfe472698e63f94fa4a665c6d661f9e957ef28ccb3f54dd
imphash 5318cd03ef5b5da86800f1483484cfd0
File size 3.6 MB ( 3748544 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (96.9%)
Win32 Dynamic Link Library (generic) (1.3%)
Win32 Executable (generic) (0.9%)
Generic Win/DOS Executable (0.4%)
DOS Executable Generic (0.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2007-10-07 19:52:23 UTC ( 10 years, 3 months ago )
Last submission 2017-10-16 23:43:16 UTC ( 3 months ago )
File names sbse____.je3
ephpod277.exe
19ephpod277.exe
1345727199-ephpod277.exe
ephpod277.exe
EE17D7D1231E69832F541A464356294C - ephpod277.exe
ephpod277.exe
74A163C249E0092894A9828B1E8F61C9B5108B3B31DD8CDAC7E1CAC6EED747A2
ephpod277.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!