SHA256: 936ed741a91ca9f3753da286555f98ef8eb9824ab1df99ce78e35082d62361f6
File name: Live360.exe
Detection ratio: 19 / 47
Analysis date: 2013-09-03 03:42:17 UTC ( 3 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Pincav 20130902
Avast Win32:Malware-gen 20130903
AVG Generic34.ASWH 20130903
BitDefender Gen:Variant.Zusy.37182 20130903
DrWeb Trojan.Siggen5.32001 20130903
Emsisoft Gen:Variant.Zusy.37182 (B) 20130903
ESET-NOD32 a variant of Win32/Injector.ALHM 20130902
F-Secure Gen:Variant.Zusy.37182 20130902
Fortinet W32/Wmonder.A!tr 20130903
GData Gen:Variant.Zusy.37182 20130903
Kaspersky Trojan.Win32.Pincav.cnrt 20130903
eScan Gen:Variant.Zusy.37182 20130903
nProtect Trojan/W32.Pincav.118784.CZ 20130903
Panda Suspicious file 20130902
PCTools Backdoor.Vidgrab 20130902
Sophos Troj/Wmonder-A 20130903
Symantec Backdoor.Vidgrab!gen1 20130903
TrendMicro BKDR_EVILOGE.SM 20130903
TrendMicro-HouseCall BKDR_EVILOGE.SM 20130903
Yandex 20130902
AntiVir 20130903
Antiy-AVL 20130902
Baidu 20130816
ByteHero 20130902
CAT-QuickHeal 20130902
ClamAV 20130903
Commtouch 20130903
Comodo 20130903
F-Prot 20130903
Ikarus 20130903
Jiangmin 20130902
K7AntiVirus 20130902
K7GW 20130902
Kingsoft 20130829
Malwarebytes 20130903
McAfee 20130903
McAfee-GW-Edition 20130902
Microsoft 20130902
NANO-Antivirus 20130903
Norman 20130902
Rising 20130902
SUPERAntiSpyware 20130902
TheHacker 20130901
TotalDefense 20130902
VBA32 20130902
VIPRE 20130903
ViRobot 20130902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-29 03:13:50
Entry Point 0x00002252
Number of sections 4
PE sections
PE imports
GetStartupInfoA
ResumeThread
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
GetTickCount
CloseHandle
VirtualFreeEx
CreateFileA
Sleep
GetModuleFileNameA
GetCurrentThreadId
GetLocalTime
SetSystemTime
__p__fmode
_acmdln
memset
fclose
strcat
fopen
_except_handler3
??2@YAPAXI@Z
fwrite
__p__commode
memcpy
exit
_XcptFilter
memcmp
__setusermatherr
_controlfp
__CxxFrameHandler
_adjust_fdiv
??3@YAXPAX@Z
__getmainargs
_initterm
_exit
__set_app_type
SHSetValueA
SHDeleteValueA
GetMessageA
GetInputState
PostThreadMessageA
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:07:29 04:13:50+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 6.0
FileAccessDate 2014:08:04 08:11:29+01:00
EntryPoint 0x2252
InitializedDataSize 106496
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:08:04 08:11:29+01:00
UninitializedDataSize 0

File identification
MD5 588d3316d4bbfdbb25658d436f06ed96
SHA1 904307c50799ca8fbbd94c33d0d0f5e5a9ab521d
SHA256 936ed741a91ca9f3753da286555f98ef8eb9824ab1df99ce78e35082d62361f6
ssdeep 1536:J/W8cmO8P3J0iWrtwi6qINGEOV5afr/PI8eeJgkk3GLsfMlxZ9HdX13LZOgU44cC:SmOYMr8UEM8fr/4eoWL7xh173Uh6G8

authentihash ea2efa996e1287b019a319832326674ecc56fec83b7417d4cec6f89422777b43
imphash dbd28b057373a447468300e91f93a5d7
File size 116.0 KB ( 118784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo

VirusTotal metadata
First submission 2013-09-03 03:42:17 UTC ( 3 years, 8 months ago )
Last submission 2014-10-01 10:23:24 UTC ( 2 years, 7 months ago )
File names Live360.exe
PZ (91).exe_
DW20.exe