Antivirus scan for 8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942 at 2017-05-11 13:18:55 UTC

Antivirus	Result	Update
AegisLab	AdWare.W32.WebHancer.16!c	20170511
Avast	Win32:PUP-gen [PUP]	20170511
AVware	webHancer	20170511
Cyren	W32/Adware.NZSD-5216	20170511
F-Prot	W32/Adware.LNH	20170511
GData	Win32.Application.Agent.XBRVTJ	20170511
Jiangmin	Adware/WebHancer.bn	20170510
Kaspersky	not-a-virus:AdWare.Win32.WebHancer.16	20170511
Microsoft	Spyware:Win32/WebHancer.A	20170511
NANO-Antivirus	Trojan.Win32.Webhancer.btvfvd	20170511
Tencent	Win32.Adware.Webhancer.Dzts	20170511
VBA32	AdWare.WebHancer	20170511
VIPRE	webHancer	20170511
Zillya	Adware.WebHancer.Win32.126	20170511
ZoneAlarm by Check Point	not-a-virus:AdWare.Win32.WebHancer.16	20170511
Ad-Aware		20170511
AhnLab-V3		20170511
Alibaba		20170511
ALYac		20170511
Antiy-AVL		20170511
Arcabit		20170511
AVG		20170511
Avira (no cloud)		20170511
Baidu		20170503
BitDefender		20170511
Bkav		20170511
CAT-QuickHeal		20170511
ClamAV		20170511
CMC		20170510
Comodo		20170511
CrowdStrike Falcon (ML)		20170130
DrWeb		20170511
Emsisoft		20170511
Endgame		20170503
ESET-NOD32		20170511
F-Secure		20170511
Fortinet		20170511
Ikarus		20170511
Sophos ML		20170413
K7AntiVirus		20170511
K7GW		20170511
Kingsoft		20170511
Malwarebytes		20170511
McAfee		20170511
McAfee-GW-Edition		20170511
eScan		20170511
nProtect		20170511
Palo Alto Networks (Known Signatures)		20170511
Panda		20170511
Qihoo-360		20170511
Rising		20170511
SentinelOne (Static ML)		20170330
Sophos AV		20170511
SUPERAntiSpyware		20170511
Symantec		20170511
Symantec Mobile Insight		20170511
TheHacker		20170508
TotalDefense		20170511
TrendMicro		20170511
TrendMicro-HouseCall		20170511
Trustlook		20170511
ViRobot		20170511
Webroot		20170511
WhiteArmor		20170502
Yandex		20170510

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.

FileVersionInfo properties

1997,2000 e-merge GmbH

Product Sfx-Factory! Self-Extractor

Original name win32sfx.exe

Internal name Sfx-Factory

File version 2.5.0.0

Description Sfx-Factory! Self-Extractor

Comments http://www.emerge.de

Packers identified

F-PROT appended, ZIP, Aspack, ACE, Petite

PEiD PEtite v2.2

PE header basic information

Target machine Intel 386 or later processors and compatible processors

Compilation timestamp 1992-06-19 22:22:17

Entry Point 0x00057042

Number of sections 8

PE sections

Name Virtual address Virtual size Raw size Entropy MD5

4096 102400 52224 7.97 c005a2b7cfe2ea314bef0f75e6827760

106496 167936 0 0.00 d41d8cd98f00b204e9800998ecf8427e

274432 4096 0 0.00 d41d8cd98f00b204e9800998ecf8427e

278528 4096 0 0.00 d41d8cd98f00b204e9800998ecf8427e

282624 4096 512 1.00 aa387fcfd21c1d586d12ec307616806c

286720 8192 0 0.00 d41d8cd98f00b204e9800998ecf8427e

.petite 294912 61440 35347 7.46 c5a39a124d1414cc2321230afb27c050

356352 1178 1536 4.41 3433e648a525fc39ebc3ad9026b7c9dc

Overlays

MD5 19f2242224bf9fdda40894b969df514b

File type data

Offset 90643

Size 2305102

Entropy 8.00

PE imports

Number of PE resources by type

RT_STRING 23

RT_DIALOG 9

RT_ICON 6

RT_GROUP_ICON 5

RT_BITMAP 1

RT_VERSION 1

Number of PE resources by language

NEUTRAL 31

GERMAN 14

PE resources

2630f566987c79ae41cb645207efeafd0ee5f9b6458a6701c568628448ba8c3a data

2dd7e76821229243e2ad119019bbd864e81cd73cb6d517e3d2cd4545aea8d912 data

34dd1e80fbc82bf336e48bc07b3e26070a5f3eeb34b844343c3b43450d67d6b4 data

3df1c954aeaf0e2ca855c5b705d7f0189b25f564bceb5f567b3cb529895f2ee5 data

3e4f2d09efac00fd5811f34bb1f8a243c0383842bbee8f97d4f7fb3d0bd6c71e data

874ee0ba9350eb9889e853fc839b7c086866420881e3747e65dd2dd47fa81126 data

a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf data

a29e9ab5d00682a0215c4cc24045ba31c1f56349c39a23aafe2d4a676d1ca364 data

b2097f5e0d0310ca25c2097d447aee28f82c19259f275d076d1d098b84e2a459 data

b454910dc390e64f39d31bfee80063fb02fd59f606d9100e6a82f08af03b9a9c data

ExifTool file metadata

MIMEType

application/octet-stream

Subsystem

Windows GUI

MachineType

Intel 386 or later, and compatibles

FileTypeExtension

exe

TimeStamp

1992:06:19 23:22:17+01:00

FileType

Win32 EXE

PEType

PE32

CodeSize

92160

LinkerVersion

2.25

EntryPoint

0x57042

InitializedDataSize

75776

SubsystemVersion

4.0

ImageVersion

0.0

OSVersion

1.0

UninitializedDataSize

File identification

MD5 892c0f6ed7faa2e5f4215aa5b243c112

SHA1 fb6978a24f628776a8dc7c6fcf2b7818cf5656f8

SHA256 8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942

ssdeep

49152:UQYsG8UDAdsLtkp2QXviSkK9zJ07991f319Ucu7lnb:3YsGzDAdsLtkp2QmKj0xR9Unl

authentihash 351185a3562ad7c15f553b9c641b567daf63f258995f436950086a648d152d4c

imphash ce479fb3bdc4560c0bbf48a69c5ac209

File size 2.3 MB ( 2395745 bytes )

File type Win32 EXE

Magic literal

PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID	Petite compressed Win32 executable (82.5%) Win32 Dynamic Link Library (generic) (7.5%) Win32 Executable (generic) (5.2%) Generic Win/DOS Executable (2.3%) DOS Executable Generic (2.3%)

VirusTotal metadata

First submission 2007-09-03 05:25:00 UTC ( 10 years, 7 months ago )

Last submission 2017-04-12 05:01:15 UTC ( 1 year ago )

File names

winace15.exe
1.5 _sponsored Freeware__winace15.exe
win32sfx.exe
Sfx-Factory
file-3866582_exe
winace15.exe

Advanced heuristic and reputation engines

ClamAV

Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

F-Secure Deepguard Suspicious:W32/Malware!Gemini

Symantec reputation Suspicious.Insight

SHA256:	8f822ba881d91575dfe95086911ff8ab2d4e3ab12fe56dcedf3acff9edc5a942
File name:	Sfx-Factory
Detection ratio:	15 / 61
Analysis date:	2017-05-11 13:18:55 UTC ( 11 months, 2 weeks ago )

Ciphered bundle