× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 7dd66c37c97adf86b6517fde0a3e56356007370c00754d8e4d52ff8b24bf21f5
File name: HelloWorld2_Test.exe
Detection ratio: 0 / 53
Analysis date: 2014-09-03 16:51:11 UTC ( 3 years, 1 month ago ) View latest
Antivirus Result Update
Ad-Aware 20140903
AegisLab 20140903
Yandex 20140903
AhnLab-V3 20140903
Avast 20140903
AVG 20140903
Avira (no cloud) 20140903
AVware 20140902
Baidu-International 20140903
BitDefender 20140903
Bkav 20140903
ByteHero 20140903
CAT-QuickHeal 20140903
ClamAV 20140903
CMC 20140901
Comodo 20140903
Cyren 20140903
DrWeb 20140903
Emsisoft 20140903
F-Prot 20140903
F-Secure 20140903
Fortinet 20140903
GData 20140903
Ikarus 20140903
Jiangmin 20140901
K7AntiVirus 20140903
K7GW 20140903
Kaspersky 20140903
Kingsoft 20140903
Malwarebytes 20140903
McAfee 20140903
McAfee-GW-Edition 20140902
Microsoft 20140903
eScan 20140903
NANO-Antivirus 20140903
Norman 20140903
nProtect 20140903
Panda 20140903
Qihoo-360 20140903
Rising 20140903
Sophos AV 20140903
SUPERAntiSpyware 20140903
Symantec 20140903
Tencent 20140903
TheHacker 20140902
TotalDefense 20140903
TrendMicro 20140903
TrendMicro-HouseCall 20140903
VBA32 20140903
VIPRE 20140902
ViRobot 20140903
Zillya 20140903
Zoner 20140901
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
File version 1.0.0.0
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x001AB4A8
Number of sections 8
PE sections
Number of PE resources by type
RT_BITMAP 52
RT_STRING 31
RT_RCDATA 17
RT_GROUP_CURSOR 11
RT_CURSOR 11
RT_ICON 10
TYPELIB 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 76
ENGLISH US 60
PE resources
File identification
MD5 5197e96e9a5fae1899da2448d8c3f807
SHA1 23629efd7b160b170dd92f9d6f1e73ade30a45f3
SHA256 7dd66c37c97adf86b6517fde0a3e56356007370c00754d8e4d52ff8b24bf21f5
ssdeep
49152:dGUwKu/5dlHb0xn91Q2C5AVlY7SJb/UMC:dGUBu/5dN+91QNAw7M7c

authentihash 7340bb8dbc8e4a2f59bb70c8b992428fd156c7a1648d4f9b5bff3f9e5292562a
imphash 0cc38a01b083d1a65605f812d24574a6
File size 2.0 MB ( 2080892 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Borland Delphi 7 (51.1%)
Win32 Executable Borland Delphi 5 (34.7%)
Windows ActiveX control (8.9%)
Win32 EXE PECompact compressed (generic) (3.1%)
Win32 Executable Delphi generic (1.1%)
Tags
peexe bobsoft

VirusTotal metadata
First submission 2014-09-03 16:51:11 UTC ( 3 years, 1 month ago )
Last submission 2014-09-03 16:51:11 UTC ( 3 years, 1 month ago )
File names HelloWorld2_Test.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications