SHA256: 7ce1b57fd10cbd38bb791fa6c9ef4d1f6b5d2beffcc9131385ef87552f863a97
File name: 9d1c20e8e9f9.vir
Detection ratio: 16 / 68
Analysis date: 2017-11-16 04:30:54 UTC ( 1 year, 2 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20171016
Cybereason malicious.5cb78e 20171103
Cylance Unsafe 20171116
Cyren W32/Injector.KW.gen!Eldorado 20171116
Endgame malicious (moderate confidence) 20171024
F-Prot W32/Injector.KW.gen!Eldorado 20171116
Ikarus Virus.Win32.VBInject 20171115
Sophos ML heuristic 20170914
Kaspersky UDS:DangerousObject.Multi.Generic 20171116
Palo Alto Networks (Known Signatures) generic.ml 20171116
SentinelOne (Static ML) static engine - malicious 20171113
Sophos AV Mal/Fareit-J 20171116
Tencent Win32.Trojan.Inject.Auto 20171116
TrendMicro-HouseCall Suspicious_GEN.F47V1116 20171116
WhiteArmor Malware.HighConfidence 20171104
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20171116
Ad-Aware 20171116
AegisLab 20171116
AhnLab-V3 20171115
Alibaba 20170911
ALYac 20171116
Antiy-AVL 20171116
Arcabit 20171116
Avast 20171116
Avast-Mobile 20171115
AVG 20171116
Avira (no cloud) 20171115
AVware 20171116
Baidu 20171115
BitDefender 20171116
Bkav 20171115
CAT-QuickHeal 20171115
ClamAV 20171115
CMC 20171109
Comodo 20171116
DrWeb 20171116
eGambit 20171116
Emsisoft 20171116
ESET-NOD32 20171116
F-Secure 20171116
Fortinet 20171116
GData 20171116
Jiangmin 20171115
K7AntiVirus 20171115
K7GW 20171116
Kingsoft 20171116
Malwarebytes 20171116
MAX 20171116
McAfee 20171116
McAfee-GW-Edition 20171116
Microsoft 20171116
eScan 20171116
NANO-Antivirus 20171116
nProtect 20171116
Panda 20171115
Qihoo-360 20171116
Rising 20171116
SUPERAntiSpyware 20171116
Symantec 20171115
Symantec Mobile Insight 20171115
TheHacker 20171112
TotalDefense 20171115
TrendMicro 20171116
Trustlook 20171116
VBA32 20171115
VIPRE 20171116
ViRobot 20171116
Webroot 20171116
Yandex 20171116
Zillya 20171115
Zoner 20171116
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2000 John Newbigin & 2007 MARTINEAU Emeric

Product RawWrite
Internal name RawWrite
File version 0.8.0.0
Description Create image disk
Comments GPL license
Packers identified
F-PROT PE_Patch, Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 10
PE sections
Overlays
MD5 bf619eac0cdf3f68d496ea9344137e8b
File type ASCII text
Offset 703488
Size 512
Entropy 0.00
PE imports
RegQueryValueExA
ImageList_SetIconSize
GetSaveFileNameA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
SysFreeString
SafeArrayPtrOfIndex
VariantChangeTypeEx
ShellExecuteA
SHGetSpecialFolderPathA
CreateWindowExA
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_ICON 8
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 2
RT_GROUP_ICON 2
RT_VERSION 1
Number of PE resources by language
NEUTRAL 23
FRENCH 4
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
GPL license

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
0.8.0.0

LanguageCode
French

FileFlagsMask
0x003f

FileDescription
Create image disk

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
808448

EntryPoint
0x1000

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2000 John Newbigin & 2007 MARTINEAU Emeric

FileVersion
0.8.0.0

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
RawWrite

ProductVersion
0.8

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
426496

ProductName
RawWrite

ProductVersionNumber
0.8.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6d048136ea9a3b6271a6b5dcb9aff9d1
SHA1 3232bf75cb78eb84fa988275b13581f43f2651ab
SHA256 7ce1b57fd10cbd38bb791fa6c9ef4d1f6b5d2beffcc9131385ef87552f863a97
ssdeep
12288:UIlvS5CckWqsnjS1CScREQsqSqrBC+bRoDS4R3d06NN6W7rKV+esTCmX:UgSUctfjVS5QsqSoBCsvs3DN3R2m

authentihash 804d94def5fe22bc2f438278104357e6c4aace9a59fc380ffe04fcba48d8e491
imphash 92ae7049214af891dafc29ce9ad60a7f
File size 687.5 KB ( 704000 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe asprotect aspack overlay

VirusTotal metadata
First submission 2017-11-15 23:58:50 UTC ( 1 year, 2 months ago )
Last submission 2018-05-25 18:16:47 UTC ( 7 months, 3 weeks ago )
File names RawWrite
9d1c20e8e9f9.vir
7ce1b57fd10cbd38bb791fa6c9ef4d1f6b5d2beffcc9131385ef87552f863a97.bin.exe
Bank receipt pdf.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications