SHA256: 7e510633b2ed973b55edc496446cc9d519a63d0db8c87eaf2565468e01528456
File name: system.exe
Detection ratio: 52 / 53
Analysis date: 2014-06-16 11:50:45 UTC ( 2 years, 10 months ago )
Antivirus Result Update
Ad-Aware Win32.Neshta.A 20140616
Yandex Win32.Neshta.A 20140614
AhnLab-V3 Win32/Neshta 20140616
AntiVir W32/Neshta.A 20140616
Antiy-AVL Virus/Win32.Neshta.a 20140616
Avast Win32:Apanas [Trj] 20140616
AVG Worm/Delf.FF 20140616
Baidu-International Virus.Win32.Neshta.$a 20140616
BitDefender Win32.Neshta.A 20140616
Bkav W32.NeshtaB.PE 20140616
CAT-QuickHeal W32.Neshta.A 20140616
ClamAV W32.Neshuta.A 20140616
CMC Virus.Win32.Neshta!O 20140616
Commtouch W32/HLLP.41472 20140616
Comodo Win32.Neshta.A 20140616
DrWeb Win32.HLLP.Neshta 20140616
Emsisoft Win32.Neshta.A (B) 20140616
ESET-NOD32 Win32/Neshta.A 20140616
F-Prot W32/HLLP.41472 20140616
F-Secure Win32.Neshta.A 20140616
Fortinet W32/Neshta.A 20140616
GData Win32.Neshta.A 20140616
Ikarus Virus.Win32.Neshta 20140616
Jiangmin Virus.Neshta.a 20140616
K7AntiVirus Virus ( 002b35171 ) 20140613
K7GW Virus ( 002b35171 ) 20140613
Kaspersky Virus.Win32.Neshta.a 20140616
Kingsoft Win32.Troj.Neshta.c.(kcloud) 20140616
Malwarebytes Trojan.Crypt.NKN 20140616
McAfee W32/HLLP.41472.e 20140616
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.D 20140615
Microsoft Virus:Win32/Neshta.A 20140616
eScan Win32.Neshta.A 20140616
NANO-Antivirus Trojan.Win32.Neshta.cwfstr 20140616
Norman Neshta.C 20140616
nProtect Virus/W32.Neshta 20140616
Panda W32/Neshta.A 20140616
Qihoo-360 Virus.Win32.Neshta.B 20140616
Rising PE:Win32.Netsha.a!411233 20140616
Sophos W32/Bloat-A 20140616
SUPERAntiSpyware Trojan.Agent/Gen-FlyStudio 20140614
Symantec W32.Neshuta 20140616
Tencent Virus.Win32.Neshta.a 20140616
TheHacker W32/Netshta.gen 20140616
TotalDefense Win32/Neshta.A 20140616
TrendMicro PE_NESHTA.A 20140616
TrendMicro-HouseCall PE_NESHTA.A 20140616
VBA32 Virus.Win32.Neshta.a 20140616
VIPRE Virus.Win32.Neshta.a (v) 20140616
ViRobot Win32.Neshta.B 20140616
Zillya Virus.Neshta.Win32.1 20140616
Zoner Win32.Neshta.A 20140613
AegisLab 20140616
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000080E4
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetDIBits
GetObjectA
DeleteDC
SelectObject
CreateSolidBrush
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
StretchDIBits
GetLastError
GetStdHandle
EnterCriticalSection
ReleaseMutex
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
GetFileSize
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
CloseHandle
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
FindNextFileA
GetCurrentThreadId
SetFileAttributesA
GetDriveTypeA
LocalFree
GetLogicalDriveStringsA
GetLocalTime
InitializeCriticalSection
VirtualFree
FindClose
TlsGetValue
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
ExtractIconA
ShellExecuteA
ReleaseDC
GetIconInfo
DestroyIcon
FillRect
MessageBoxA
CharLowerBuffA
GetSysColor
GetKeyboardType
GetDC
CopyImage
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
FileAccessDate 2014:06:16 12:48:53+01:00
EntryPoint 0x80e4
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:16 12:48:53+01:00
UninitializedDataSize 0

File identification
MD5 a34e3e680a90b7c5506a301902c77961
SHA1 fd6704ed9641fae8e43c52a96ff5d61e0046d21e
SHA256 7e510633b2ed973b55edc496446cc9d519a63d0db8c87eaf2565468e01528456
ssdeep 6144:k9FTipJU+nlnc/qcPFSNfVKiiy0GgNzLqfmx07jqE:eTInq0KhG+zOfmxA
imphash 9f4693fc0c511135129493f2161d1e86
File size 317.3 KB ( 324866 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (93.8%)
Win32 Dynamic Link Library (generic) (2.3%)
Win32 Executable (generic) (1.6%)
Win16/32 Executable Delphi generic (0.7%)
Generic Win/DOS Executable (0.7%)
Tags peexe

VirusTotal metadata
First submission 2014-06-06 11:16:14 UTC ( 2 years, 10 months ago )
Last submission 2014-06-16 11:50:45 UTC ( 2 years, 10 months ago )
File names system.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.