SHA256: 807c72cabe16b9b4c1d1acab114eb889682a21245aef9b9067a957f9cc8fedf9
File name: msn.exe
Detection ratio: 44 / 55
Analysis date: 2016-08-01 12:16:59 UTC (2 years, 6 months ago)
Antivirus Result Update
Ad-Aware Win32.Virtob.Gen.12.Dam 20160801
AegisLab W32.Sality.m9mM 20160801
AhnLab-V3 Trojan/Win32.Scar.N1861896571 20160801
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20160801
Arcabit Win32.Virtob.Gen.12.Dam 20160801
Avast Win32:Dropper-GUP [Drp] 20160801
AVG Agent5.AAPS 20160801
Avira (no cloud) TR/Patched.Ren.Gen7 20160801
AVware Trojan.Win32.Generic!BT 20160801
Baidu Win32.Worm.Agent.fl 20160801
BitDefender Win32.Virtob.Gen.12.Dam 20160801
Bkav W32.HfsAutoB.9F65 20160801
CAT-QuickHeal Worm.Macoute.g9 20160801
ClamAV Win.Trojan.Agent-1310977 20160801
Comodo TrojWare.Win32.Scar.WRM 20160801
Cyren W32/A-98aec620!Eldorado 20160801
DrWeb Win32.HLLW.Autoruner1.7767 20160801
Emsisoft Win32.Virtob.Gen.12.Dam (B) 20160801
ESET-NOD32 a variant of Win32/Agent.NQB 20160801
F-Prot W32/A-98aec620!Eldorado 20160801
F-Secure Win32.Virtob.Gen.12.Dam 20160801
Fortinet W32/Agent.NML!tr 20160801
GData Win32.Virtob.Gen.12.Dam 20160801
Ikarus Trojan.Win32.Scar 20160801
Jiangmin Trojan/Generic.behde 20160801
K7AntiVirus Trojan ( 004ac0541 ) 20160801
K7GW Trojan ( 004ac0541 ) 20160801
Kaspersky Trojan.Win32.Agentb.bqyr 20160801
Malwarebytes Worm.PasswordStealer 20160801
McAfee W32/Worm-FXE!6EBBB9CF437F 20160801
McAfee-GW-Edition BehavesLike.Win32.Worm.tt 20160801
Microsoft Worm:Win32/Macoute.A 20160801
eScan Win32.Virtob.Gen.12.Dam 20160801
NANO-Antivirus Trojan.Win32.Autoruner1.dsodbf 20160801
Panda Trj/Genetic.gen 20160731
Qihoo-360 Win32/Trojan.Dropper.83a 20160801
Sophos AV Mal/Generic-S 20160801
Symantec Trojan.Fakeavlock 20160801
Tencent Virus.Win32.Virut.ug 20160801
TrendMicro-HouseCall WORM_MACOUTE.SMJ1 20160801
VBA32 Trojan.Scar 20160801
VIPRE Trojan.Win32.Generic!BT 20160801
Yandex Trojan.Scar!dYExnqofozs 20160731
Zillya Worm.Agent.Win32.29669 20160731
Alibaba 20160801
ALYac 20160801
CMC 20160801
Kingsoft 20160801
nProtect 20160729
SUPERAntiSpyware 20160801
TheHacker 20160729
TotalDefense 20160801
TrendMicro 20160801
ViRobot 20160801
Zoner 20160801
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2002-06-21 10:26:09
Entry Point 0x000012C0
Number of sections 9
PE sections
PE imports
SetSecurityDescriptorDacl
CryptReleaseContext
RegCloseKey
OpenProcessToken
CryptAcquireContextA
RegSetValueExA
SetSecurityDescriptorGroup
CryptGetHashParam
RegQueryValueExA
InitializeSecurityDescriptor
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
RegQueryInfoKeyA
SetSecurityDescriptorSacl
CryptDestroyHash
CryptCreateHash
CryptUnprotectData
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
InitializeCriticalSection
GetStdHandle
EnterCriticalSection
ReadFile
UnmapViewOfFile
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
GetFileTime
SetEvent
FreeLibrary
GetThreadTimes
CopyFileA
ExitProcess
SetFileTime
VirtualProtect
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetConsoleMode
lstrlenA
GetCurrentProcessId
CreateDirectoryA
lstrlenW
GetWindowsDirectoryA
MultiByteToWideChar
MapViewOfFile
GetCommandLineA
GetProcAddress
GetSystemInfo
GetCurrentThread
CreateMutexA
IsDBCSLeadByteEx
GetTempPathA
CreateThread
GetOverlappedResult
GetModuleHandleA
LocalFree
FindFirstFileA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetComputerNameA
FindNextFileA
WaitForMultipleObjects
SetFileAttributesA
GetDriveTypeA
GetSystemTimeAdjustment
GlobalMemoryStatus
QueryPerformanceCounter
WideCharToMultiByte
GetEnvironmentVariableA
SetConsoleMode
lstrcpyA
WaitForSingleObject
VirtualQuery
CreateEventA
FindClose
TlsGetValue
Sleep
GetTickCount
CreateFileA
GetProcessTimes
GetCurrentThreadId
GetFileSize
SetLastError
LeaveCriticalSection
ShellExecuteExA
ShellExecuteA
GetAsyncKeyState
GetCursorPos
GetWindowTextLengthA
GetForegroundWindow
GetMessageA
ReleaseDC
GetQueueStatus
GetCapture
wsprintfA
GetClipboardOwner
GetWindowTextA
FindWindowA
SendMessageA
GetDC
FindCloseUrlCache
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
socket
closesocket
inet_addr
send
WSAStartup
connect
htons
recv
__p__fmode
__p__environ
fclose
strtoul
_fstat
fflush
strtol
fputc
fwrite
fputs
_utime
_close
_isatty
strrchr
perror
_write
memcpy
strstr
memmove
signal
remove
_mkdir
strcmp
strncmp
fgetc
memset
strcat
_stricmp
atexit
_setmode
_chmod
strchr
ftell
exit
sprintf
_unlink
mbstowcs
strcspn
free
__getmainargs
_stat
_vsnprintf
_read
strcpy
__mb_cur_max
strftime
_iob
setlocale
realloc
printf
fopen
strncpy
_cexit
_open
_onexit
wcslen
memcmp
_filbuf
_isctype
_pctype
getenv
atoi
vfprintf
__lc_codepage
_winmajor
localeconv
_setjmp
strspn
localtime
malloc
sscanf
fread
fgets
abort
fprintf
strlen
_strrev
_errno
fseek
sqrt
_strdup
longjmp
calloc
wcstombs
time
_flsbuf
__set_app_type
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2002:06:21 11:26:09+01:00
FileType Win32 EXE
PEType PE32
CodeSize 237568
LinkerVersion 2.2
EntryPoint 0x12c0
InitializedDataSize 93696
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 353792

File identification
MD5 6ebbb9cf437f9bf747e3128b46aa9af5
SHA1 b4e9560b2f1e8563ad837d546ca89a2044788459
SHA256 807c72cabe16b9b4c1d1acab114eb889682a21245aef9b9067a957f9cc8fedf9
ssdeep 24576:9H3q6ctjO6ef6yc8+KtzjzOoQKVCrUdSdkZ0:166c10XcnKtz3lVCkSKZ
authentihash 01ab403b588ee6eec38b07bc9c2547588fa73f3bc1f63c41b0d7bd3d60dc4e34
imphash 23b7a2ad6dd5722f5566eaa0d8a348bf
File size 1.5 MB ( 1561600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.7%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe
VirusTotal metadata
First submission 2016-06-15 10:38:27 UTC ( 2 years, 8 months ago )
Last submission 2017-04-20 01:30:49 UTC ( 1 year, 10 months ago )
File names msn.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications