SHA256: 8b6e3d58a7b82fdca167dd546831610774945b7a51b6c722eb9e81f8e427e632
File name: extkmmht [upx decompressed].exe
Detection ratio: 0 / 43
Analysis date: 2011-12-06 11:25:42 UTC ( 2 years, 7 months ago )
Antivirus Result Update
AVG 20111205
AhnLab-V3 20111205
AntiVir 20111206
Antiy-AVL 20111206
Avast 20111206
BitDefender 20111206
ByteHero 20111129
CAT-QuickHeal 20111206
ClamAV 20111206
Commtouch 20111206
Comodo 20111206
DrWeb 20111206
Emsisoft 20111206
F-Prot 20111129
F-Secure 20111206
Fortinet 20111206
GData 20111206
Ikarus 20111206
Jiangmin 20111205
K7AntiVirus 20111205
Kaspersky 20111205
McAfee 20111206
McAfee-GW-Edition 20111206
Microsoft 20111206
NOD32 20111204
Norman 20111206
PCTools 20111206
Panda 20111206
Prevx 20111206
Rising 20111206
SUPERAntiSpyware 20111206
Sophos 20111206
Symantec 20111206
TheHacker 20111201
TrendMicro 20111205
TrendMicro-HouseCall 20111206
VBA32 20111205
VIPRE 20111205
ViRobot 20111206
VirusBuster 20111206
eSafe 20111204
eTrust-Vet 20111206
nProtect 20111206
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
File version 3, 2, 12, 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-12 08:51:05
Entry Point 0x00054D3D
Number of sections 4
PE sections
PE imports
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragEnter
ImageList_BeginDrag
ImageList_SetDragCursorImage
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Remove
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
BeginPath
SetTextColor
GetObjectW
SetBkMode
RoundRect
SetBkColor
CloseFigure
SetPixel
EndPath
StrokePath
StrokeAndFillPath
ExtCreatePen
PolyBezierTo
SetViewportOrgEx
Rectangle
CreatePen
CreateSolidBrush
CreateCompatibleBitmap
GetPixel
DeleteDC
GetDIBits
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontW
GetDeviceCaps
GetTextFaceW
GetStockObject
CreateDCW
GetTextExtentPoint32W
DeleteObject
UnmapViewOfFile
OpenProcess
CreateFileMappingW
MapViewOfFile
WriteProcessMemory
ReadProcessMemory
CreateFileW
ReadFile
SetFilePointer
SetFileTime
FindResourceW
LoadResource
GetFileAttributesW
LockResource
FindFirstFileW
SizeofResource
FindClose
EnumResourceNamesW
DeleteFileW
FindNextFileW
lstrcmpiW
MoveFileW
OutputDebugStringW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
TerminateProcess
SetSystemPowerState
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
InterlockedIncrement
InterlockedDecrement
WriteFile
CreatePipe
GetStdHandle
InterlockedExchange
EnterCriticalSection
TerminateThread
LeaveCriticalSection
DeleteCriticalSection
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetDriveTypeW
QueryPerformanceFrequency
GetVolumeInformationW
SetVolumeLabelW
DeviceIoControl
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
SetFileAttributesW
WritePrivateProfileSectionW
GetShortPathNameW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetEnvironmentVariableW
GetFileSize
SetEnvironmentVariableW
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
SetProcessWorkingSetSize
GlobalMemoryStatus
Beep
GetComputerNameW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcessId
GetCurrentThread
CreateProcessW
SetPriorityClass
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetModuleFileNameA
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
RtlUnwind
QueryPerformanceCounter
GetModuleHandleW
GetSystemInfo
GetVersionExW
GetCurrentThreadId
Sleep
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
GetCurrentProcess
LoadLibraryA
GetModuleFileNameW
GetFullPathNameW
SetCurrentDirectoryW
GetConsoleCP
GetConsoleMode
SetHandleCount
GetCurrentDirectoryW
FreeLibrary
InitializeCriticalSection
GetProcAddress
LoadLibraryW
GetStartupInfoW
GetVersionExA
ExitProcess
ExitThread
GetSystemTimeAsFileTime
GetFileType
GetStartupInfoA
SetStdHandle
ResumeThread
FlushFileBuffers
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetTickCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
GetDiskFreeSpaceW
SetEnvironmentVariableA
WNetUseConnectionW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W
(15 more function(s) imported by ordinal)
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish
SetWindowLongW
FlashWindow
GetActiveWindow
InflateRect
CharNextW
DrawFocusRect
wsprintfW
DrawTextW
RedrawWindow
FrameRect
DrawFrameControl
FillRect
DrawMenuBar
PtInRect
DestroyMenu
SetMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
GetWindowTextLengthW
SetCursor
GetWindowDC
TranslateAcceleratorW
GetSystemMetrics
IsDialogMessageW
CreateMenu
IsDlgButtonChecked
GetSysColor
DefDlgProcW
ReleaseCapture
SetCapture
SetActiveWindow
FindWindowExW
EnumThreadWindows
LoadImageW
CreateIconFromResourceEx
mouse_event
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
IsZoomed
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
DispatchMessageW
GetDC
GetKeyboardLayoutNameA
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
DestroyWindow
GetMenu
GetClientRect
CopyRect
EndPaint
BeginPaint
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
SendMessageTimeoutW
GetFocus
GetWindowTextW
ScreenToClient
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
GetCaretPos
GetSubMenu
GetMenuStringW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
GetKeyboardLayoutNameW
ClientToScreen
RegisterHotKey
ReleaseDC
SetMenuItemInfoW
GetCursor
PostMessageW
GetWindowRect
MessageBoxW
GetForegroundWindow
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
MessageBoxA
RegisterWindowMessageW
DestroyIcon
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
TranslateMessage
PeekMessageW
WindowFromPoint
SetClipboardData
EmptyClipboard
CountClipboardFormats
SetWindowPos
CopyImage
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
AdjustWindowRectEx
SetRect
CharLowerBuffW
GetMessageW
VkKeyScanA
LockWindowUpdate
UnregisterHotKey
keybd_event
ExitWindowsEx
CharUpperW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
waveOutSetVolume
mciSendStringW
timeGetTime
(21 more function(s) imported by ordinal)
GetSaveFileNameW
GetOpenFileNameW
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
IIDFromString
StringFromIID
CLSIDFromString
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
StringFromCLSID
OleUninitialize
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 3.2.12.1
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 189952
MIMEType application/octet-stream
FileVersion 3, 2, 12, 1
TimeStamp 2008:06:12 10:51:05+02:00
FileType Win32 EXE
PEType PE32
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
CompiledScript AutoIt v3 Script : 3, 2, 12, 1
MachineType Intel 386 or later, and compatibles
CodeSize 417792
FileSubtype 0
ProductVersionNumber 3.2.12.1
EntryPoint 0x54d3d
ObjectFileType Unknown

File identification
MD5 0dc363cfea793de22bb89fe429e6fbad
SHA1 4acfbd6c7c27d16c9c383403b9377d80e11027de
SHA256 8b6e3d58a7b82fdca167dd546831610774945b7a51b6c722eb9e81f8e427e632
ssdeep 12288:56SKqT31T6WpJY6V765jKqostkm3NbL4VKe0o:IxqT31T6WE6I5jKqosOm9bL4VKe0o

File size 521.2 KB ( 533681 bytes )
File type Win32 EXE
Magic literal

TrID Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
VirusTotal metadata
First submission 2011-12-06 11:25:42 UTC ( 2 years, 7 months ago )
Last submission 2011-12-06 11:25:42 UTC ( 2 years, 7 months ago )
File names extkmmht [upx decompressed].exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight