× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 80e88cbeff3cfb4dd6d553ee569a821c0c6365be02c8acebe0b2cd701e480dd9
File name: 80e88cbeff3cfb4dd6d553ee569a821c0c6365be02c8acebe0b2cd701e480dd9
Detection ratio: 0 / 58
Analysis date: 2016-03-27 16:46:16 UTC ( 2 years, 2 months ago ) View latest
Antivirus Result Update
Ad-Aware 20160327
AegisLab 20160327
Yandex 20160316
AhnLab-V3 20160327
Alibaba 20160323
ALYac 20160327
Antiy-AVL 20160327
Arcabit 20160327
Avast 20160327
AVG 20160327
Avira (no cloud) 20160327
AVware 20160327
Baidu 20160325
Baidu-International 20160327
BitDefender 20160327
Bkav 20160327
ByteHero 20160327
CAT-QuickHeal 20160326
ClamAV 20160326
CMC 20160322
Comodo 20160327
Cyren 20160327
DrWeb 20160327
Emsisoft 20160327
ESET-NOD32 20160327
F-Prot 20160327
F-Secure 20160327
Fortinet 20160327
GData 20160327
Ikarus 20160327
Jiangmin 20160327
K7AntiVirus 20160327
K7GW 20160323
Kaspersky 20160327
Kingsoft 20160327
Malwarebytes 20160327
McAfee 20160327
McAfee-GW-Edition 20160327
Microsoft 20160327
eScan 20160327
NANO-Antivirus 20160327
nProtect 20160325
Panda 20160327
Qihoo-360 20160327
Rising 20160327
Sophos AV 20160327
SUPERAntiSpyware 20160327
Symantec 20160327
Tencent 20160327
TheHacker 20160325
TotalDefense 20160327
TrendMicro 20160327
TrendMicro-HouseCall 20160327
VBA32 20160326
VIPRE 20160327
ViRobot 20160327
Zillya 20160326
Zoner 20160327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

File version
Description Twitter Tweeter Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009A54
Number of sections 8
PE sections
Overlays
MD5 5f3356eed44f690e9239294249feabea
File type data
Offset 61440
Size 1234628
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
23040

EntryPoint
0x9a54

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
Twitter Tweeter Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
37376

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

Execution parents
File identification
MD5 9d8e204ce751c35a219edc2c25a6b98d
SHA1 c6fd2643054ce8d7a226bae178cb2e4eb2e32007
SHA256 80e88cbeff3cfb4dd6d553ee569a821c0c6365be02c8acebe0b2cd701e480dd9
ssdeep
24576:m2U36zUcmbciH3Y0VKipj6fFGbUM2/A47j7ASl+PNJAiaONF:m2aMUhR15R69GA1YajQPNz

authentihash e6d3fee6db2fcc84c994278e5007abe880236ec9742f0eed2d5c5e8854afa11c
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 1.2 MB ( 1296068 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 9.x (51.2%)
Inno Setup installer (37.9%)
Win32 Executable Delphi generic (4.9%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe overlay

VirusTotal metadata
First submission 2011-10-06 16:41:37 UTC ( 6 years, 8 months ago )
Last submission 2016-11-26 00:52:36 UTC ( 1 year, 6 months ago )
File names aa
vt-upload-fHhyJ
twitter-tweeter.exe
twitter-tweeter.exe
DIuntGYj.bz2
lfq0r.ps1
output.12598818.txt
9d8e204ce751c35a219edc2c25a6b98d
12598818
3yWmWe_L.gz
80e88cbeff3cfb4dd6d553ee569a821c0c6365be02c8acebe0b2cd701e480dd9
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!