SHA256: 7822c4f979f0367b3e9a7e5ef592d4937d60bf30d031f534156546f290f8acef
File name: 9.exe
Detection ratio: 6 / 55
Analysis date: 2015-08-04 17:45:08 UTC ( 3 years, 3 months ago )
Antivirus Result Update
AhnLab-V3 Backdoor/Win32.Drixed 20150804
Kaspersky UDS:DangerousObject.Multi.Generic 20150804
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150804
Symantec Trojan.Cridex 20150804
TrendMicro TROJ_INJECT.XXTZH 20150804
TrendMicro-HouseCall TROJ_INJECT.XXTZH 20150804
Ad-Aware 20150804
AegisLab 20150804
Yandex 20150804
Alibaba 20150803
ALYac 20150804
Antiy-AVL 20150804
Arcabit 20150804
Avast 20150804
AVG 20150804
Avira (no cloud) 20150804
AVware 20150804
Baidu-International 20150804
BitDefender 20150804
Bkav 20150804
ByteHero 20150804
CAT-QuickHeal 20150804
ClamAV 20150804
Comodo 20150804
Cyren 20150804
DrWeb 20150804
Emsisoft 20150804
ESET-NOD32 20150804
F-Prot 20150804
F-Secure 20150804
Fortinet 20150804
GData 20150804
Ikarus 20150804
Jiangmin 20150803
K7AntiVirus 20150804
K7GW 20150804
Kingsoft 20150804
Malwarebytes 20150804
McAfee 20150804
McAfee-GW-Edition 20150804
Microsoft 20150804
eScan 20150804
NANO-Antivirus 20150804
nProtect 20150804
Panda 20150804
Rising 20150731
Sophos AV 20150804
SUPERAntiSpyware 20150804
Tencent 20150804
TheHacker 20150804
VBA32 20150803
VIPRE 20150804
ViRobot 20150804
Zillya 20150804
Zoner 20150804
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © Sipro Lab Telecom Inc. 1998-99
Publisher Sipro Lab Telecom Inc.
Product ACELP.net Audio Codec
Original name sl_anet.acm
Internal name sl_anet.acm
File version 3.02
Description Audio codec for MS ACM
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-08-04 09:30:52
Entry Point 0x00001046
Number of sections 6
PE sections
PE imports
ClusterRegOpenKey
GetConsoleSelectionInfo
CreateToolhelp32Snapshot
LocalFree
RaiseException
CreateThread
GetProcessShutdownParameters
LocalAlloc
DebugSetProcessKillOnExit
WaitForSingleObject
SetEvent
CreateEventA
GetCommProperties
Sleep
GetTempFileNameW
GetComputerNameExW
CreateMailslotA
GetGeoInfoW
PostMessageW
_chkstk
atan
iscntrl
isprint
wcsncat
ZwClose
CoCreateInstance
PdhGetCounterInfoA
CoInternetCompareUrl
Number of PE resources by type
RT_STRING 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 3
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 8
FileVersionNumber 3.2.0.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x30003f
CharacterSet Windows, Latin1
InitializedDataSize 89088
EntryPoint 0x1046
OriginalFileName sl_anet.acm
MIMEType application/octet-stream
LegalCopyright Copyright Sipro Lab Telecom Inc. 1998-99
FileVersion 3.02
TimeStamp 2015:08:04 10:30:52+01:00
FileType Win32 EXE
PEType PE32
InternalName sl_anet.acm
ProductVersion 3.02
FileDescription Audio codec for MS ACM
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Sipro Lab Telecom Inc.
CodeSize 45056
ProductName ACELP.net Audio Codec
ProductVersionNumber 3.2.0.0
FileTypeExtension exe
ObjectFileType Driver
File identification
MD5 a1ebab44ad99e97a96952bbd189e3bf7
SHA1 63808f6c441dfff536990530871fde07c1ac7c5b
SHA256 7822c4f979f0367b3e9a7e5ef592d4937d60bf30d031f534156546f290f8acef
ssdeep 1536:06t+V1N0h7k2A2dz4JWaElphZKxC8++Y3TUvYfdgNjW9F/OxE8jWsVTEe:0y+bN0hlrbpCxCNv3ogdNh8isVwe
authentihash 285f9b1ef42245d2b3c102e26d1dbe90eb47244162fcae09672176a71c9f5cad
imphash 26d5414f28d623892c854c66bfb141ee
File size 113.0 KB ( 115712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags peexe
VirusTotal metadata
First submission 2015-08-04 11:16:17 UTC ( 3 years, 3 months ago )
Last submission 2015-08-05 05:24:03 UTC ( 3 years, 3 months ago )
File names rss.exe
9.exe
Sample (3).exe
a1ebab44ad99e97a96952bbd189e3bf7.exe
sl_anet.acm
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections