SHA256: 89f799e094d04b08d918068f06d7f3381cff24d2b733b077091e744aa052e22b
File name: mscab.exe
Detection ratio: 0 / 42
Analysis date: 2012-06-19 01:38:11 UTC (6 years, 8 months ago)
Antivirus Result Update
AhnLab-V3 20120618
AntiVir 20120619
Antiy-AVL 20120619
Avast 20120618
AVG 20120618
BitDefender 20120619
ByteHero 20120618
CAT-QuickHeal 20120616
ClamAV 20120619
Commtouch 20120619
Comodo 20120619
DrWeb 20120619
Emsisoft 20120619
eSafe 20120617
F-Prot 20120619
F-Secure 20120618
Fortinet 20120619
GData 20120619
Ikarus 20120619
Jiangmin 20120618
K7AntiVirus 20120618
Kaspersky 20120619
McAfee 20120619
McAfee-GW-Edition 20120618
Microsoft 20120618
NOD32 20120618
Norman 20120618
nProtect 20120618
Panda 20120618
PCTools 20120619
Rising 20120618
Sophos AV 20120619
SUPERAntiSpyware 20120617
Symantec 20120619
TheHacker 20120618
TotalDefense 20120618
TrendMicro 20120619
TrendMicro-HouseCall 20120618
VBA32 20120618
VIPRE 20120618
ViRobot 20120618
VirusBuster 20120618
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-14 09:39:12
Entry Point 0x00019290
Number of sections 4
PE sections
PE imports
GetOpenFileNameA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
GetDriveTypeA
EncodePointer
SetConsoleCursorPosition
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetOEMCP
LocalFree
MoveFileA
ResumeThread
FindClose
InterlockedDecrement
LocalHandle
SetLastError
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RemoveDirectoryA
HeapSetInformation
SetConsoleCtrlHandler
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
CreateThread
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetPriorityClass
TerminateProcess
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetFullPathNameA
GetProcAddress
GetConsoleScreenBufferInfo
GetProcessHeap
FindFirstFileA
lstrcpyA
CompareStringA
GetTempFileNameA
FindNextFileA
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetModuleFileNameA
FileTimeToLocalFileTime
GetCurrentProcessId
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetModuleHandleW
GetDiskFreeSpaceA
IsValidCodePage
HeapCreate
Sleep
SetFocus
GetMessageA
GetForegroundWindow
UpdateWindow
EndDialog
PostQuitMessage
DefWindowProcA
ShowWindow
RemoveMenu
SendDlgItemMessageA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MoveWindow
GetDlgItemTextA
MessageBoxA
TranslateMessage
CheckDlgButton
SetWindowTextA
SendMessageA
GetDlgItem
RegisterClassA
ScreenToClient
CreateWindowExA
IsDlgButtonChecked
GetDesktopWindow
GetSystemMenu
SetForegroundWindow
DestroyWindow
DialogBoxIndirectParamA
CharToOemA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:06:14 10:39:12+01:00
FileType Win32 EXE
PEType PE32
CodeSize 126976
LinkerVersion 10.0
EntryPoint 0x19290
InitializedDataSize 110080
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 ec642e4665155a658599925f2b346221
SHA1 a2d73d1fa1fc6eaa7810dc3e94030dce3c20e7aa
SHA256 89f799e094d04b08d918068f06d7f3381cff24d2b733b077091e744aa052e22b
ssdeep 3072:f2lcyJrWZnbfcUzDPyEHNd8JqOsfrpnfnVr3Rjbcl8x8KJFHtWYYWoHv7SgE:f2lcyAuEHAOfPpbclk8K7tIWoH
authentihash 4ced9dcc0180cb3bfede899c603c608db38b562c981b3c57ded9c3450840a0d1
imphash e5d123a7c7f34ad44f0578aaf5fc2857
File size 178.0 KB ( 182272 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (23.8%)
UPX compressed Win32 Executable (23.3%)
Win64 Executable (generic) (21.0%)
Win32 EXE Yoda's Crypter (20.2%)
Win32 Dynamic Link Library (generic) (5.0%)
Tags peexe
VirusTotal metadata
First submission 2012-06-19 01:38:11 UTC ( 6 years, 8 months ago )
Last submission 2012-06-19 01:38:11 UTC ( 6 years, 8 months ago )
File names mscab.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua.
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.