| SHA256: | 8b891dc590167ff838fd217ad15696ffa4076176e2924d4d31c44e3caa47036b |
| File name: | 267291 |
| Detection ratio: | 1 / 57 |
| Analysis date: | 2016-04-03 12:58:03 UTC ( 2 years, 10 months ago ) View latest |
| Antivirus | Result | Update |
|---|---|---|
| Baidu | Win32.Virus.Lamer.g | 20160402 |
| Ad-Aware | 20160403 | |
| AegisLab | 20160403 | |
| AhnLab-V3 | 20160403 | |
| Alibaba | 20160401 | |
| ALYac | 20160403 | |
| Antiy-AVL | 20160403 | |
| Arcabit | 20160403 | |
| Avast | 20160403 | |
| AVG | 20160403 | |
| Avira (no cloud) | 20160403 | |
| AVware | 20160403 | |
| Baidu-International | 20160403 | |
| BitDefender | 20160403 | |
| Bkav | 20160402 | |
| CAT-QuickHeal | 20160402 | |
| ClamAV | 20160402 | |
| CMC | 20160401 | |
| Comodo | 20160403 | |
| Cyren | 20160403 | |
| DrWeb | 20160403 | |
| Emsisoft | 20160403 | |
| ESET-NOD32 | 20160403 | |
| F-Prot | 20160403 | |
| F-Secure | 20160403 | |
| Fortinet | 20160403 | |
| GData | 20160403 | |
| Ikarus | 20160403 | |
| Jiangmin | 20160403 | |
| K7AntiVirus | 20160403 | |
| K7GW | 20160403 | |
| Kaspersky | 20160403 | |
| Kingsoft | 20160403 | |
| Malwarebytes | 20160403 | |
| McAfee | 20160403 | |
| McAfee-GW-Edition | 20160403 | |
| Microsoft | 20160403 | |
| eScan | 20160403 | |
| NANO-Antivirus | 20160403 | |
| nProtect | 20160401 | |
| Panda | 20160403 | |
| Qihoo-360 | 20160403 | |
| Rising | 20160403 | |
| Sophos AV | 20160403 | |
| SUPERAntiSpyware | 20160403 | |
| Symantec | 20160331 | |
| Tencent | 20160403 | |
| TheHacker | 20160403 | |
| TotalDefense | 20160402 | |
| TrendMicro | 20160403 | |
| TrendMicro-HouseCall | 20160403 | |
| VBA32 | 20160401 | |
| VIPRE | 20160403 | |
| ViRobot | 20160402 | |
| Yandex | 20160316 | |
| Zillya | 20160402 | |
| Zoner | 20160403 |
The file being studied is a Portable Executable file!
More specifically, it is a Win32 EXE
file
for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:52
Entry Point 0x000030FA
Number of sections 5
PE sections
Overlays
MD5 2ae06a31ee8a7d77031c70fd88c63917
File type data
Offset 48128
Size 155331
Entropy 8.00
PE imports
Number of PE resources by type
RT_ICON 7
RT_DIALOG 5
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 14
PE resources
ExifTool file metadata
MIMEType
application/octet-stream
Subsystem
Windows GUI
MachineType
Intel 386 or later, and compatibles
FileTypeExtension
exe
TimeStamp
2009:12:05 23:50:52+01:00
FileType
Win32 EXE
PEType
PE32
CodeSize
24064
LinkerVersion
6.0
ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint
0x30fa
InitializedDataSize
164864
SubsystemVersion
4.0
ImageVersion
6.0
OSVersion
4.0
UninitializedDataSize
1024
Execution parents
File identification
MD5 6b4eda5c393d1f2f2d97ed6bdcae9ff9
SHA1 b14d3bb2bf6cdc60a3cd0dbae2602203aae1349c
SHA256 8b891dc590167ff838fd217ad15696ffa4076176e2924d4d31c44e3caa47036b
ssdeep
3072:QgXdZt9P6D3XJE45XTU/rKB/NNeP5spHYj/uMEf25hdJwsgbsKRa69kqPrjP:Qe34G/2lyhsRY7NTu9M6vPrjP
File size
198.7 KB ( 203459 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
| TrID |
NSIS - Nullsoft Scriptable Install System (94.6%) Win32 Executable MS Visual C++ (generic) (3.4%) Win32 Dynamic Link Library (generic) (0.7%) Win32 Executable (generic) (0.5%) OS/2 Executable (generic) (0.2%) |
Tags
nsis
peexe
upx
overlay
VirusTotal metadata
First submission
2012-04-09 13:24:40 UTC ( 6 years, 10 months ago )
Last submission
2018-08-19 19:03:05 UTC ( 6 months, 1 week ago )
| File names |
267291 1341954232-bs.exe bs.exe bs.exe bs.exe 10042816 bs.exe octet-stream 8B891DC590167FF838FD217AD15696FFA4076176E2924D4D31C44E3CAA47036B output.10042816.txt |
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the
scanned file presents certain characteristics which depending on the
user policies and environment may or may not represent a threat. For
full details see:
https://www.clamav.net/documents/potentially-unwanted-applications-pua
.
Symantec reputation
Suspicious.Insight
No comments.
No VirusTotal Community member has commented on this item yet, be the first one to do so!
You have not signed in. Only registered users can leave comments, sign in and have a voice!
No votes.
No one has voted on this item yet, be the first one to do so!