SHA256: 829f9a943f00d8b5d6471c950072fa6c1b1da9ef6294b0061b9083c879871d68
File name: 4.exe
Detection ratio: 1 / 42
Analysis date: 2012-05-18 19:01:20 UTC ( 6 years, 11 months ago )
Antivirus Result Update
AVG unknown virus Win32/DH{DA0O} 20120518
AhnLab-V3 20120517
AntiVir 20120518
Antiy-AVL 20120518
Avast 20120518
BitDefender 20120518
ByteHero 20120518
CAT-QuickHeal 20120518
ClamAV 20120518
Commtouch 20120518
Comodo 20120518
DrWeb 20120518
Emsisoft 20120518
eSafe 20120516
eTrust-Vet 20120517
F-Prot 20120518
F-Secure 20120518
Fortinet 20120518
GData 20120518
Ikarus 20120518
Jiangmin 20120518
K7AntiVirus 20120518
Kaspersky 20120518
McAfee 20120518
McAfee-GW-Edition 20120518
Microsoft 20120518
NOD32 20120518
Norman 20120518
nProtect 20120518
Panda 20120518
PCTools 20120518
Rising 20120518
Sophos AV 20120518
SUPERAntiSpyware 20120518
Symantec 20120518
TheHacker 20120517
TrendMicro 20120518
TrendMicro-HouseCall 20120518
VBA32 20120518
VIPRE 20120518
ViRobot 20120518
VirusBuster 20120518
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-15 16:20:49
Entry Point 0x00001286
Number of sections 3
PE sections
PE imports
DeviceIoControl
HeapFree
CopyFileW
WaitForSingleObject
ExitProcess
LoadLibraryA
GetFileSize
DeleteFileA
GetProcAddress
GetProcessHeap
SetFilePointer
CreateThread
GetModuleHandleA
ReadFile
GetTempPathW
CloseHandle
MoveFileExA
HeapCreate
WriteFile
CreateFileW
Sleep
CreateFileA
HeapAlloc
memset
sprintf
memcpy
ShellExecuteExW
GetShellWindow
SetForegroundWindow
PE exports
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 2012:02:15 17:20:49+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 3584
LinkerVersion: 10.0
EntryPoint: 0x1286
InitializedDataSize: 7168
SubsystemVersion: 5.1
ImageVersion: 0.0
OSVersion: 5.1
UninitializedDataSize: 0

Compressed bundles
File identification
MD5 d3bb67993b2dfffebd818d356fec7637
SHA1 6458ac1743972a04d8dae5e1201201bf325efedb
SHA256 829f9a943f00d8b5d6471c950072fa6c1b1da9ef6294b0061b9083c879871d68
ssdeep 192:XcXMWwSDBJjS01x8449H5oB9/Rka1Qv8tI4U:WldrSyxw7oaijI
authentihash 7776aab9a04d7ea7e7fbd6c988266ce7e15bea226f015e4a8a3c3436db694846
imphash 82fb7e0259aaf81f3fbdaf4dbc8ad559
File size 7.0 KB ( 7168 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags peexe
VirusTotal metadata
First submission 2012-05-18 18:29:03 UTC ( 6 years, 11 months ago )
Last submission 2018-02-09 14:11:32 UTC ( 1 year, 2 months ago )
File names file-3968396_exe
4.exe
4.exe
ransom4.exe
829f9a943f00d8b5d6471c950072fa6c1b1da9ef6294b0061b9083c879871d68
4_2.exe
file
4.exe
201201b_75.exe
MBR Ransomfs.exe
E24218D0_SessionEndCopy.exe
4.exe .exe
d3bb67993b2dfffebd818d356fec7637
97318A1400AD6BAE1C59006742D429004551D53F.exe
1559114
6753244842.exe
4[1].exe
RANSO-FX.000
4.exe_
vt_0019.vir
smona_829f9a943f00d8b5d6471c950072fa6c1b1da9ef6294b0061b9083c879871d68.bin
4.ex
829f9a943f00d8b5d6471c950072fa6c1b1da9ef6294b0061b9083c879871d68.bin
E2448008_SessionEndCopy.exe
4.ee
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight