SHA256: 8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942
File name: Sfx-Factory
Detection ratio: 17 / 68
Analysis date: 2018-08-10 04:40:07 UTC ( 2 months, 1 week ago )
Antivirus Result Update
AegisLab Adware.Win32.WebHancer.2!c 20180810
Avast Win32:PUP-gen [PUP] 20180810
AVG Win32:PUP-gen [PUP] 20180810
AVware webHancer 20180810
CMC Packed.Win32.Klone!O 20180809
Cylance Unsafe 20180810
Cyren W32/Adware.NZSD-5216 20180810
F-Prot W32/Adware.LNH 20180810
Fortinet Adware/WebHancer 20180810
Jiangmin Adware/WebHancer.bn 20180810
Kaspersky not-a-virus:AdWare.Win32.WebHancer.16 20180810
Microsoft Spyware:Win32/WebHancer.A 20180810
NANO-Antivirus Trojan.Win32.Webhancer.btvfvd 20180810
VBA32 AdWare.WebHancer 20180808
VIPRE webHancer 20180810
Zillya Adware.WebHancer.Win32.126 20180809
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.WebHancer.16 20180810
Ad-Aware 20180810
AhnLab-V3 20180809
Alibaba 20180713
ALYac 20180810
Antiy-AVL 20180810
Arcabit 20180810
Avast-Mobile 20180810
Avira (no cloud) 20180809
Babable 20180725
Baidu 20180809
BitDefender 20180810
Bkav 20180807
CAT-QuickHeal 20180807
ClamAV 20180810
Comodo 20180810
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
DrWeb 20180810
eGambit 20180810
Emsisoft 20180810
Endgame 20180730
ESET-NOD32 20180810
F-Secure 20180810
GData 20180810
Ikarus 20180809
Sophos ML 20180717
K7AntiVirus 20180809
K7GW 20180810
Kingsoft 20180810
Malwarebytes 20180810
MAX 20180810
McAfee 20180810
McAfee-GW-Edition 20180810
eScan 20180810
Palo Alto Networks (Known Signatures) 20180810
Panda 20180809
Qihoo-360 20180810
Rising 20180810
SentinelOne (Static ML) 20180701
Sophos AV 20180809
SUPERAntiSpyware 20180810
Symantec 20180809
Symantec Mobile Insight 20180809
TACHYON 20180810
Tencent 20180810
TheHacker 20180807
TotalDefense 20180809
TrendMicro 20180810
TrendMicro-HouseCall 20180810
Trustlook 20180810
ViRobot 20180809
Webroot 20180810
Yandex 20180808
Zoner 20180809
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 1997,2000 e-merge GmbH
Product Sfx-Factory! Self-Extractor
Original name win32sfx.exe
Internal name Sfx-Factory
File version 2.5.0.0
Description Sfx-Factory! Self-Extractor
Comments http://www.emerge.de
Packers identified
F-PROT appended, ZIP, Aspack, ACE, Petite
PEiD PEtite v2.2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00057042
Number of sections 8
PE sections
Overlays
MD5 19f2242224bf9fdda40894b969df514b
File type data
Offset 90643
Size 2305102
Entropy 8.00
PE imports
RegFlushKey
PatBlt
VirtualProtect
Sleep
LoadLibraryA
ExitProcess
GetProcAddress
CoInitialize
VariantClear
ShellAboutA
SHGetMalloc
wsprintfA
MessageBoxA
GetDC
Number of PE resources by type
RT_STRING 23
RT_DIALOG 9
RT_ICON 6
RT_GROUP_ICON 5
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 31
GERMAN 14
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 92160
LinkerVersion 2.25
ImageFileCharacteristics Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0x57042
InitializedDataSize 75776
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
File identification
MD5 892c0f6ed7faa2e5f4215aa5b243c112
SHA1 fb6978a24f628776a8dc7c6fcf2b7818cf5656f8
SHA256 8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942
ssdeep 49152:UQYsG8UDAdsLtkp2QXviSkK9zJ07991f319Ucu7lnb:3YsGzDAdsLtkp2QmKj0xR9Unl
authentihash 351185a3562ad7c15f553b9c641b567daf63f258995f436950086a648d152d4c
imphash ce479fb3bdc4560c0bbf48a69c5ac209
File size 2.3 MB ( 2395745 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Petite compressed Win32 executable (80.6%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.0%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe petite aspack overlay
VirusTotal metadata
First submission 2007-09-03 05:25:00 UTC ( 11 years, 1 month ago )
Last submission 2017-04-12 05:01:15 UTC ( 1 year, 6 months ago )
File names winace15.exe
1.5 _sponsored Freeware__winace15.exe
win32sfx.exe
Sfx-Factory
file-3866582_exe
winace15.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight