SHA256: 764ba4764daae66093b3ca746e97ca3f9e054a317f3e53286698e521341f97c3
File name: file-5391270_exe
Detection ratio: 6 / 46
Analysis date: 2013-04-17 16:27:19 UTC ( 1 year ago )
Antivirus Result Update
AntiVir TR/Crypt.ZPACK.Gen 20130417
Comodo Heur.Packed.Unknown 20130417
Fortinet W32/Kryptik.X!tr 20130417
Malwarebytes Spyware.Zbot.USBV 20130417
McAfee PWS-FAUS!B9BBE7749B43 20130417
Symantec Suspicious.Cloud.5 20130417
AVG 20130417
Agnitum 20130417
AhnLab-V3 20130417
Antiy-AVL 20130417
Avast 20130417
BitDefender 20130417
ByteHero 20130417
CAT-QuickHeal 20130417
ClamAV 20130417
Commtouch 20130417
DrWeb 20130417
ESET-NOD32 20130417
Emsisoft 20130417
F-Prot 20130417
F-Secure 20130417
GData 20130417
Ikarus 20130417
Jiangmin 20130417
K7AntiVirus 20130417
K7GW 20130417
Kaspersky 20130417
Kingsoft 20130415
McAfee-GW-Edition 20130417
MicroWorld-eScan 20130417
Microsoft 20130417
NANO-Antivirus 20130417
Norman 20130417
PCTools 20130417
Panda 20130417
SUPERAntiSpyware 20130417
Sophos 20130417
TheHacker 20130416
TotalDefense 20130417
TrendMicro 20130417
TrendMicro-HouseCall 20130417
VBA32 20130417
VIPRE 20130417
ViRobot 20130417
eSafe 20130415
nProtect 20130417
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-01-23 18:06:06
Entry Point 0x0000114A
Number of sections 5
PE sections
PE imports
DllGetClassObject
DllRegisterServer
CreatePipe
IsBadWritePtr
GetStdHandle
ReleaseMutex
GetLocaleInfoA
GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetDriveTypeA
WriteFile
GetPriorityClass
ResetEvent
ReadConsoleW
VirtualProtect
GetCommandLineA
SetLocalTime
GetProcessHeap
RemoveDirectoryA
SetLastError
HeapSize
DwRasUninitialize
SetFocus
wsprintfA
LoadCursorA
DispatchMessageA
PostMessageA
DrawIcon
GetWindowTextW
GetCapture
PeekMessageA
DestroyMenu
GetWindowLongW
GetCaretPos
SetCursor
Number of PE resources by type
RT_ICON 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:01:23 19:06:06+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3072
LinkerVersion 1.24
FileAccessDate 2013:04:17 17:36:19+01:00
Warning Invalid Version Info block
EntryPoint 0x114a
InitializedDataSize 27648
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
FileCreateDate 2013:04:17 17:36:19+01:00
UninitializedDataSize 0

File identification
MD5 b9bbe7749b434c7c5df5e4d203dc9331
SHA1 be770ec3fb96a9aa82c061047aad4e74bceb4669
SHA256 764ba4764daae66093b3ca746e97ca3f9e054a317f3e53286698e521341f97c3
ssdeep 192:1K23QCipSqbPGmL+GXuB5X2V1N/RoHO4zWbG+ROvbUOk+w8OH+Vud9UU:I2FiwspRXuT2PN/sxUwvbGl+8

File size 31.5 KB ( 32256 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (61.7%)
Generic Win/DOS Executable (18.9%)
DOS Executable Generic (18.9%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe

VirusTotal metadata
First submission 2013-04-17 16:27:19 UTC ( 1 year ago )
Last submission 2013-04-17 16:30:26 UTC ( 1 year ago )
File names file-5391270_exe
alifna.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications