SHA256: 8b8ddd187071473161e125e62715e2987a1cdb69c1034a3442b0f1a809afbf39
File name: CEX2DEX.exe
Detection ratio: 5 / 37
Analysis date: 2012-07-14 12:35:41 UTC ( 1 year, 9 months ago )
Antivirus Result Update
Commtouch W32/Backdoor.AB.gen!Eldorado 20120705
Comodo Heur.Packed.Unknown 20120705
F-Prot W32/Backdoor.AB.gen!Eldorado 20120705
K7AntiVirus Backdoor 20120705
Symantec WS.Reputation.1 20120706
AhnLab-V3 20120705
AntiVir 20120705
Antiy-AVL 20120705
Avast 20120705
BitDefender 20120705
ByteHero 20120704
CAT-QuickHeal 20120705
ClamAV 20120705
Emsisoft 20120705
F-Secure 20120706
Fortinet 20120705
GData 20120705
Ikarus 20120705
Jiangmin 20120705
Kaspersky 20120705
McAfee 20120706
McAfee-GW-Edition 20120705
Microsoft 20120705
NOD32 20120705
Norman 20120705
PCTools 20120705
Panda 20120705
Rising 20120705
SUPERAntiSpyware 20120705
Sophos 20120705
TheHacker 20120704
TotalDefense 20120705
VBA32 20120705
VIPRE 20120705
ViRobot 20120705
VirusBuster 20120705
nProtect 20120706
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-09 06:36:02
Link date 7:36 AM 2/9/2008
Entry Point 0x000050AC
Number of sections 9
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetLastError
GetStdHandle
FreeLibrary
ExitProcess
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
LockResource
UnhandledExceptionFilter
GetCommandLineA
GetProcAddress
GetModuleHandleA
RaiseException
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetACP
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetCurrentThreadId
FindResourceA
VirtualAlloc
LocalAlloc
MessageBoxA
GetKeyboardType
DestroyWindow
Number of PE resources by type
RT_ICON 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:02:09 07:36:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 13312
LinkerVersion 2.25
EntryPoint 0x50ac
InitializedDataSize 26624
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 58b4ac496d9eddba8aa7fac90a062c0d
SHA1 2f61ea8b2fbe6d9ed7eeb72b54bcb3346edaff63
SHA256 8b8ddd187071473161e125e62715e2987a1cdb69c1034a3442b0f1a809afbf39
ssdeep 768:r4VZ1p/ija+1IZUq3JlSR0l8r5az2b20G6zYoKHUfs7PnpjagI:r4VZeqZlA/anxHksbnk

File size 40.0 KB ( 40960 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.3%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe

VirusTotal metadata
First submission 2012-07-13 10:36:50 UTC ( 1 year, 9 months ago )
Last submission 2012-07-23 10:23:41 UTC ( 1 year, 9 months ago )
File names CEX2DEX.exe
file-4231394_exe
smona_8b8ddd187071473161e125e62715e2987a1cdb69c1034a3442b0f1a809afbf39.bin
c2d.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight