× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7bde7920d8b570613449fb7ae65f0668301ab1f1dd36447f535f70b07ab20755
File name: RBU UI
Detection ratio: 3 / 70
Analysis date: 2019-05-17 17:29:13 UTC ( 5 days, 23 hours ago )
Antivirus Result Update
Acronis suspicious 20190517
Ikarus Trojan-Banker.Win32.Banker 20190517
Trapmine malicious.high.ml.score 20190325
Ad-Aware 20190517
AegisLab 20190517
AhnLab-V3 20190517
Alibaba 20190513
Antiy-AVL 20190517
APEX 20190517
Arcabit 20190517
Avast 20190517
Avast-Mobile 20190517
AVG 20190517
Avira (no cloud) 20190517
Babable 20190424
Baidu 20190318
BitDefender 20190517
Bkav 20190517
CAT-QuickHeal 20190517
ClamAV 20190517
CMC 20190321
Comodo 20190517
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cylance 20190517
Cyren 20190517
DrWeb 20190517
eGambit 20190517
Emsisoft 20190517
Endgame 20190403
ESET-NOD32 20190517
F-Prot 20190517
F-Secure 20190517
FireEye 20190517
Fortinet 20190517
GData 20190517
Sophos ML 20190313
Jiangmin 20190517
K7AntiVirus 20190517
K7GW 20190517
Kaspersky 20190517
Kingsoft 20190517
Malwarebytes 20190517
MAX 20190517
McAfee 20190517
McAfee-GW-Edition 20190517
Microsoft 20190517
eScan 20190517
NANO-Antivirus 20190517
Palo Alto Networks (Known Signatures) 20190517
Panda 20190517
Qihoo-360 20190517
Rising 20190517
SentinelOne (Static ML) 20190511
Sophos AV 20190517
SUPERAntiSpyware 20190514
Symantec 20190517
Symantec Mobile Insight 20190516
TACHYON 20190517
Tencent 20190517
TheHacker 20190516
TotalDefense 20190517
TrendMicro 20190517
TrendMicro-HouseCall 20190517
Trustlook 20190517
VBA32 20190517
ViRobot 20190517
Webroot 20190517
Zillya 20190517
ZoneAlarm by Check Point 20190517
Zoner 20190516
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
2006

Product Backup Engine
Original name bu2006.exe
Internal name RBU UI
File version 1.0.0.28
Description Backup Engine
Comments support@liquidcaffeine.net
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
RegQueryValueExA
_TrackMouseEvent
UnrealizeObject
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
CoTaskMemFree
SysFreeString
SHFileOperationA
GetKeyboardType
VerQueryValueA
timeGetTime
WSACleanup
Number of PE resources by type
RT_STRING 56
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 4
RT_DIALOG 2
RT_ICON 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
ENGLISH US 55
NEUTRAL 37
PE resources
ExifTool file metadata
LegalTrademarks
Liquid Caffeine Designs

SubsystemVersion
4.0

Comments
support@liquidcaffeine.net

InitializedDataSize
192512

ImageVersion
0.0

ProductName
Backup Engine

FileVersionNumber
1.0.0.28

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

OriginalFileName
bu2006.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
1.0.0.28

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
RBU UI

ProductVersion
1.0.0.0

FileDescription
Backup Engine

OSVersion
4.0

FileOS
Win32

LegalCopyright
2006

MachineType
Intel 386 or later, and compatibles

CompanyName
Liquid Caffeine Designs

CodeSize
1140224

FileSubtype
0

ProductVersionNumber
1.0.0.28

EntryPoint
0x1000

ObjectFileType
Executable application

File identification
MD5 cf900495259ff39b8a3202f352ef0786
SHA1 eb8abfc14497dc3077c7371d8a7565dcc9174893
SHA256 7bde7920d8b570613449fb7ae65f0668301ab1f1dd36447f535f70b07ab20755
ssdeep
12288:HTJAvvDixCmXf6bvvXgiWS+BrcAb/pqC8mdKP7HUSZHN:t0sisiWr/pSm

authentihash 95ca3aeb9a6fd427621ae4285bca23d6f931f5b2a98f4c85d462df6b698d4152
imphash 2e2578bc8ab8f8fbe048ffd896e38270
File size 416.0 KB ( 425984 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (49.2%)
Win32 EXE PECompact compressed (generic) (34.6%)
Win32 Dynamic Link Library (generic) (5.4%)
Win32 Executable (generic) (3.7%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact peexe

VirusTotal metadata
First submission 2019-04-20 22:09:17 UTC ( 1 month ago )
Last submission 2019-04-20 22:09:17 UTC ( 1 month ago )
File names bu2006.exe
BU2006.exe
RBU UI
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs