× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 76323922624876cad08f4e021a572695fbe5aae35f1ca6a3c95188161fad5483
File name: 436514
Detection ratio: 0 / 56
Analysis date: 2016-01-11 00:37:55 UTC ( 2 years, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware 20160111
AegisLab 20160110
Yandex 20160108
AhnLab-V3 20160110
Alibaba 20160109
ALYac 20160111
Antiy-AVL 20160110
Arcabit 20160111
Avast 20160111
AVG 20160111
Avira (no cloud) 20160110
AVware 20160110
Baidu-International 20160110
BitDefender 20160111
Bkav 20160109
ByteHero 20160111
CAT-QuickHeal 20160109
ClamAV 20160110
CMC 20160107
Comodo 20160111
Cyren 20160111
DrWeb 20160111
Emsisoft 20160111
ESET-NOD32 20160111
F-Prot 20160110
F-Secure 20160108
Fortinet 20160110
GData 20160110
Ikarus 20160110
Jiangmin 20160111
K7AntiVirus 20160110
K7GW 20160110
Kaspersky 20160111
Malwarebytes 20160111
McAfee 20160111
McAfee-GW-Edition 20160111
Microsoft 20160110
eScan 20160111
NANO-Antivirus 20160111
nProtect 20160108
Panda 20160110
Qihoo-360 20160111
Rising 20160110
Sophos AV 20160111
SUPERAntiSpyware 20160111
Symantec 20160110
Tencent 20160111
TheHacker 20160107
TotalDefense 20160110
TrendMicro 20160111
TrendMicro-HouseCall 20160111
VBA32 20160107
VIPRE 20160111
ViRobot 20160110
Zillya 20160110
Zoner 20160110
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Ma Jian

File version 3.9.0.2
Description WinWebMail for Win2000/Win2003/Win2008
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-25 19:47:11
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 39b981d01b5349498c1852d97fa72a31
File type data
Offset 14848
Size 8605399
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
4.0

FileVersionNumber
3.9.0.2

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
5632

EntryPoint
0x21af

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
3.9.0.2

TimeStamp
2001:10:25 20:47:11+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
WinWebMail for Win2000/Win2003/Win2008

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
Ma Jian

MachineType
Intel 386 or later, and compatibles

CompanyName
Ma Jian

CodeSize
8704

FileSubtype
0

ProductVersionNumber
3.9.0.2

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 f1c66fbda46debd7345bbb75ee0b2c81
SHA1 1c19cf10f78b7dd72887febebf53b2e6b5c22f71
SHA256 76323922624876cad08f4e021a572695fbe5aae35f1ca6a3c95188161fad5483
ssdeep
196608:yjLTnJf9RUYiLBeCKWpDzDvxSNzO//IxXhpH3cgN:Uhf9ZiLBeZCPvxaO//IxX3H3r

authentihash 871fe02ed899e41dc1ebb6d1572eb21b8232c80d427edb01fad221ac5483580b
imphash e41c25ab7824b3df73334188c40518ae
File size 8.2 MB ( 8620247 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.7%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
Generic Win/DOS Executable (0.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2014-03-17 00:37:32 UTC ( 4 years, 3 months ago )
Last submission 2016-03-19 01:17:26 UTC ( 2 years, 3 months ago )
File names 76323922624876CAD08F4E021A572695FBE5AAE35F1CA6A3C95188161FAD5483
winwebmail.exe
436514
winwebmail.exe
76323922624876cad08f4e021a572695fbe5aae35f1ca6a3c95188161fad5483
winwebmail-server-3.9.0.2.exe
winwebmail.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Behaviour characterization
Zemana
dll-injection

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Moved files
Deleted files
Runtime DLLs