SHA256: 80c1bc6af5e115034ff5eb8a7395b2bdf48e0dad3bb1d250f17bc0adbcfb08c1
File name: msn.exe
Detection ratio: 30 / 53
Analysis date: 2014-07-03 09:03:47 UTC ( 4 years, 7 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Graftor.137537 20140703
Yandex Trojan.Scar!MfpHj0xOJS8 20140701
AhnLab-V3 Trojan/Win32.Scar 20140703
Antiy-AVL Trojan/Win32.Scar 20140702
Avast Win32:Dropper-GUP [Drp] 20140703
AVG Generic23.AFHG 20140703
BitDefender Gen:Variant.Graftor.137537 20140703
Bkav HW32.Laneul.saiu 20140702
CAT-QuickHeal (Suspicious) - DNAScan 20140703
CMC Virus.Win32.Virut.1!O 20140702
DrWeb Win32.HLLW.Autoruner1.7767 20140703
Emsisoft Gen:Variant.Graftor.137537 (B) 20140703
ESET-NOD32 Win32/Agent.NML 20140703
F-Secure Gen:Variant.Graftor.137537 20140703
GData Gen:Variant.Graftor.137537 20140703
Ikarus Trojan.Win32.Scar 20140703
Jiangmin Trojan/Scar.aads 20140703
K7GW Trojan ( 050000001 ) 20140702
Kaspersky Trojan.Win32.Scar.hykb 20140703
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!83 20140702
Microsoft Worm:Win32/Macoute.A 20140703
eScan Gen:Variant.Graftor.137537 20140703
NANO-Antivirus Trojan.Win32.Scar.csqjod 20140703
Norman Virut.HL 20140703
Tencent Virus.Win32.Virut.ue 20140703
TotalDefense Win32/Virut.17408!corrupt 20140702
TrendMicro TROJ_STRICTOR_DD300599.UVPA 20140703
TrendMicro-HouseCall TROJ_STRICTOR_DD300599.UVPA 20140703
VBA32 Trojan.Scar 20140702
Zillya Trojan.Scar.Win32.54986 20140701
AegisLab 20140703
AntiVir 20140703
Baidu-International 20140703
ByteHero 20140703
ClamAV 20140703
Commtouch 20140703
Comodo 20140703
F-Prot 20140703
Fortinet 20140703
K7AntiVirus 20140702
Kingsoft 20140703
Malwarebytes 20140703
McAfee 20140703
nProtect 20140702
Panda 20140703
Qihoo-360 20140703
Rising 20140703
SUPERAntiSpyware 20140702
Symantec 20140703
TheHacker 20140703
VIPRE 20140703
ViRobot 20140703
Zoner 20140701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-02-15 23:33:12
Entry Point 0x000012C0
Number of sections 10
PE sections
PE imports
SetSecurityDescriptorDacl
CryptReleaseContext
RegCloseKey
OpenProcessToken
CryptAcquireContextA
RegSetValueExA
SetSecurityDescriptorGroup
CryptGetHashParam
RegQueryValueExA
InitializeSecurityDescriptor
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
CryptHashData
RegEnumKeyExA
RegQueryInfoKeyA
SetSecurityDescriptorSacl
CryptDestroyHash
CryptCreateHash
CryptUnprotectData
GetDeviceCaps
GetObjectA
DeleteDC
SelectObject
GetDIBits
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetSystemTime
GetLastError
InitializeCriticalSection
GetStdHandle
EnterCriticalSection
ReadFile
UnmapViewOfFile
FileTimeToSystemTime
CreateFileMappingA
GetFileAttributesA
GetFileTime
SetEvent
FreeLibrary
GetThreadTimes
CopyFileA
ExitProcess
SetFileTime
VirtualProtect
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetVolumeInformationA
GetConsoleMode
lstrlenA
GetCurrentProcessId
CreateDirectoryA
lstrlenW
GetWindowsDirectoryA
MultiByteToWideChar
MapViewOfFile
GetCommandLineA
GetProcAddress
GetSystemInfo
GetCurrentThread
CreateMutexA
IsDBCSLeadByteEx
GetTempPathA
CreateThread
GetOverlappedResult
GetModuleHandleA
LocalFree
FindFirstFileA
InterlockedExchange
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetComputerNameA
FindNextFileA
WaitForMultipleObjects
SetFileAttributesA
GetDriveTypeA
GetSystemTimeAdjustment
GlobalMemoryStatus
QueryPerformanceCounter
WideCharToMultiByte
GetEnvironmentVariableA
SetConsoleMode
lstrcpyA
WaitForSingleObject
VirtualQuery
CreateEventA
FindClose
TlsGetValue
Sleep
GetTickCount
CreateFileA
GetProcessTimes
GetCurrentThreadId
GetFileSize
SetLastError
LeaveCriticalSection
ShellExecuteExA
ShellExecuteA
GetAsyncKeyState
GetCursorPos
GetWindowTextLengthA
GetForegroundWindow
GetMessageA
ReleaseDC
GetQueueStatus
GetCapture
wsprintfA
GetClipboardOwner
GetWindowTextA
FindWindowA
SendMessageA
GetDC
FindCloseUrlCache
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
socket
closesocket
inet_addr
send
WSAStartup
connect
htons
recv
__p__fmode
__p__environ
fclose
strtoul
_fstat
fflush
strtol
fputc
fwrite
fputs
_utime
_close
_isatty
strrchr
perror
_write
memcpy
strstr
memmove
signal
remove
_mkdir
strcmp
strncmp
fgetc
memset
strcat
_stricmp
atexit
_setmode
_chmod
strchr
ftell
exit
sprintf
_unlink
mbstowcs
strcspn
free
__getmainargs
_stat
_vsnprintf
_read
strcpy
__mb_cur_max
strftime
_iob
setlocale
realloc
printf
fopen
strncpy
_cexit
_open
_onexit
wcslen
memcmp
_filbuf
_isctype
_pctype
getenv
atoi
vfprintf
__lc_codepage
_winmajor
localeconv
_setjmp
strspn
localtime
malloc
sscanf
fread
fgets
abort
fprintf
strlen
_strrev
_errno
fseek
sqrt
_strdup
longjmp
calloc
wcstombs
time
_flsbuf
__set_app_type
Number of PE resources by type
RT_ICON 9
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2010:02:16 00:33:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 237568
LinkerVersion 2.2
FileAccessDate 2014:07:03 10:05:39+01:00
EntryPoint 0x12c0
InitializedDataSize 93696
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:07:03 10:05:39+01:00
UninitializedDataSize 353792
File identification
MD5 6e64c48b5b6d36fbd08cb49fde9c6b61
SHA1 641b9a975cceb7af38d2cc3a32ac8d3f9da9b8ff
SHA256 80c1bc6af5e115034ff5eb8a7395b2bdf48e0dad3bb1d250f17bc0adbcfb08c1
ssdeep 6144:JafsiuvAQ+tTm6cyERSiytj71cWE4jKS6vN:eCvAQ+q6ctRt636WfjO
imphash 23b7a2ad6dd5722f5566eaa0d8a348bf
File size 387.0 KB ( 396288 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.7%)
Win32 Executable MS Visual C++ (generic) (26.6%)
Win64 Executable (generic) (23.6%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Tags peexe
VirusTotal metadata
First submission 2014-07-03 09:03:47 UTC ( 4 years, 7 months ago )
Last submission 2014-07-03 09:03:47 UTC ( 4 years, 7 months ago )
File names msn.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Created processes
Shell commands
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.