× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942
File name: Sfx-Factory
Detection ratio: 15 / 61
Analysis date: 2017-05-11 13:18:55 UTC ( 8 months, 1 week ago )
Antivirus Result Update
AegisLab AdWare.W32.WebHancer.16!c 20170511
Avast Win32:PUP-gen [PUP] 20170511
AVware webHancer 20170511
Cyren W32/Adware.NZSD-5216 20170511
F-Prot W32/Adware.LNH 20170511
GData Win32.Application.Agent.XBRVTJ 20170511
Jiangmin Adware/WebHancer.bn 20170510
Kaspersky not-a-virus:AdWare.Win32.WebHancer.16 20170511
Microsoft Spyware:Win32/WebHancer.A 20170511
NANO-Antivirus Trojan.Win32.Webhancer.btvfvd 20170511
Tencent Win32.Adware.Webhancer.Dzts 20170511
VBA32 AdWare.WebHancer 20170511
VIPRE webHancer 20170511
Zillya Adware.WebHancer.Win32.126 20170511
ZoneAlarm by Check Point not-a-virus:AdWare.Win32.WebHancer.16 20170511
Ad-Aware 20170511
AhnLab-V3 20170511
Alibaba 20170511
ALYac 20170511
Antiy-AVL 20170511
Arcabit 20170511
AVG 20170511
Avira (no cloud) 20170511
Baidu 20170503
BitDefender 20170511
Bkav 20170511
CAT-QuickHeal 20170511
ClamAV 20170511
CMC 20170510
Comodo 20170511
CrowdStrike Falcon (ML) 20170130
DrWeb 20170511
Emsisoft 20170511
Endgame 20170503
ESET-NOD32 20170511
F-Secure 20170511
Fortinet 20170511
Ikarus 20170511
Sophos ML 20170413
K7AntiVirus 20170511
K7GW 20170511
Kingsoft 20170511
Malwarebytes 20170511
McAfee 20170511
McAfee-GW-Edition 20170511
eScan 20170511
nProtect 20170511
Palo Alto Networks (Known Signatures) 20170511
Panda 20170511
Qihoo-360 20170511
Rising 20170511
SentinelOne (Static ML) 20170330
Sophos AV 20170511
SUPERAntiSpyware 20170511
Symantec 20170511
Symantec Mobile Insight 20170511
TheHacker 20170508
TotalDefense 20170511
TrendMicro 20170511
TrendMicro-HouseCall 20170511
Trustlook 20170511
ViRobot 20170511
Webroot 20170511
WhiteArmor 20170502
Yandex 20170510
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
1997,2000 e-merge GmbH

Product Sfx-Factory! Self-Extractor
Original name win32sfx.exe
Internal name Sfx-Factory
File version 2.5.0.0
Description Sfx-Factory! Self-Extractor
Comments http://www.emerge.de
Packers identified
F-PROT appended, ZIP, Aspack, ACE, Petite
PEiD PEtite v2.2
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00057042
Number of sections 8
PE sections
Overlays
MD5 19f2242224bf9fdda40894b969df514b
File type data
Offset 90643
Size 2305102
Entropy 8.00
PE imports
RegFlushKey
PatBlt
VirtualProtect
Sleep
LoadLibraryA
ExitProcess
GetProcAddress
CoInitialize
VariantClear
ShellAboutA
SHGetMalloc
wsprintfA
MessageBoxA
GetDC
Number of PE resources by type
RT_STRING 23
RT_DIALOG 9
RT_ICON 6
RT_GROUP_ICON 5
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 31
GERMAN 14
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
92160

LinkerVersion
2.25

EntryPoint
0x57042

InitializedDataSize
75776

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
1.0

UninitializedDataSize
0

File identification
MD5 892c0f6ed7faa2e5f4215aa5b243c112
SHA1 fb6978a24f628776a8dc7c6fcf2b7818cf5656f8
SHA256 8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942
ssdeep
49152:UQYsG8UDAdsLtkp2QXviSkK9zJ07991f319Ucu7lnb:3YsGzDAdsLtkp2QmKj0xR9Unl

authentihash 351185a3562ad7c15f553b9c641b567daf63f258995f436950086a648d152d4c
imphash ce479fb3bdc4560c0bbf48a69c5ac209
File size 2.3 MB ( 2395745 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Petite compressed Win32 executable (82.5%)
Win32 Dynamic Link Library (generic) (7.5%)
Win32 Executable (generic) (5.2%)
Generic Win/DOS Executable (2.3%)
DOS Executable Generic (2.3%)
Tags
peexe overlay aspack petite

VirusTotal metadata
First submission 2007-09-03 05:25:00 UTC ( 10 years, 4 months ago )
Last submission 2017-04-12 05:01:15 UTC ( 9 months, 1 week ago )
File names winace15.exe
1.5 _sponsored Freeware__winace15.exe
win32sfx.exe
Sfx-Factory
file-3866582_exe
winace15.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!