SHA256: 962092128fb010fcd643eac6759cc1b55ff174b476463de0a1c490f87a5bf9c1
File name: windows7-starter-home-basic-tema-yamasi-yusufpolat.com.tr.exe
Detection ratio: 1 / 57
Analysis date: 2017-02-25 19:01:25 UTC ( 1 year, 11 months ago )
Antivirus Result Update
CrowdStrike Falcon (ML) malicious_confidence_83% (D) 20170130
Ad-Aware 20170225
AegisLab 20170225
AhnLab-V3 20170225
Alibaba 20170224
ALYac 20170225
Antiy-AVL 20170225
Arcabit 20170225
Avast 20170225
AVG 20170225
Avira (no cloud) 20170225
AVware 20170225
Baidu 20170224
BitDefender 20170225
Bkav 20170225
CAT-QuickHeal 20170225
ClamAV 20170225
CMC 20170225
Comodo 20170225
Cyren 20170225
DrWeb 20170225
Emsisoft 20170225
Endgame 20170222
ESET-NOD32 20170225
F-Prot 20170225
F-Secure 20170225
Fortinet 20170225
GData 20170225
Ikarus 20170225
Sophos ML 20170203
Jiangmin 20170225
K7AntiVirus 20170225
K7GW 20170225
Kaspersky 20170225
Kingsoft 20170225
Malwarebytes 20170225
McAfee 20170225
McAfee-GW-Edition 20170225
Microsoft 20170225
eScan 20170225
NANO-Antivirus 20170225
nProtect 20170225
Panda 20170225
Qihoo-360 20170225
Rising 20170225
Sophos AV 20170225
SUPERAntiSpyware 20170225
Symantec 20170224
Tencent 20170225
TheHacker 20170223
TrendMicro-HouseCall 20170225
Trustlook 20170225
VBA32 20170224
VIPRE 20170225
ViRobot 20170225
Webroot 20170225
WhiteArmor 20170222
Yandex 20170222
Zillya 20170224
Zoner 20170225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Mr. dUSHA
Product Personalization Panel Installer
Original name Personalization Panel Installer
Internal name Personalization Panel Installer
File version 1.2.0 сборка 3
Description Personalization Panel by Mr. dUSHA
Comments Personalization Panel Installer
Packers identified
F-PROT 7Z
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-28 11:53:10
Entry Point 0x0001382F
Number of sections 4
PE sections
Overlays
MD5 1e724ebb513e0eb9f4d21fe15c27ff7e
File type data
Offset 112640
Size 253817
Entropy 8.00
PE imports
FreeSid
AllocateAndInitializeSid
CheckTokenMembership
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
CreateCompatibleDC
DeleteObject
StretchBlt
SetThreadLocale
GetStdHandle
GetDriveTypeW
WaitForSingleObject
LockResource
CreateJobObjectW
GetFileAttributesW
SetInformationJobObject
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
GetLocaleInfoW
FindResourceExA
WideCharToMultiByte
GetTempPathW
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetModuleFileNameW
ExitProcess
lstrcmpiW
SetProcessWorkingSetSize
GetSystemDefaultLCID
MultiByteToWideChar
SetFilePointer
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
MulDiv
SetCurrentDirectoryW
GlobalAlloc
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
EnterCriticalSection
TerminateThread
lstrcmpiA
GetVersionExW
SetEvent
LoadLibraryA
GetStartupInfoA
GetFileSize
GetStartupInfoW
CreateDirectoryW
DeleteFileW
WaitForMultipleObjects
AssignProcessToJobObject
lstrcpyW
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
ResetEvent
FindFirstFileW
lstrcmpW
GetProcAddress
CreateEventW
CreateFileW
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
lstrlenA
GlobalFree
lstrlenW
VirtualFree
GetQueuedCompletionStatus
SizeofResource
CompareFileTime
CreateIoCompletionPort
SetFileTime
GetCommandLineW
SuspendThread
GetModuleHandleA
ReadFile
CloseHandle
GetModuleHandleW
WriteFile
CreateProcessW
Sleep
IsBadReadPtr
VirtualAlloc
strncmp
__p__fmode
malloc
??1type_info@@UAE@XZ
memset
_wcsnicmp
__dllonexit
_controlfp
_except_handler3
??2@YAPAXI@Z
_onexit
_wtol
exit
_XcptFilter
memcmp
__setusermatherr
__p__commode
_acmdln
_CxxThrowException
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_adjust_fdiv
??3@YAXPAX@Z
free
wcsncmp
__getmainargs
_purecall
_initterm
memmove
memcpy
_beginthreadex
_exit
_EH_prolog
__set_app_type
OleLoadPicture
VariantClear
SysAllocString
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc
SetFocus
GetParent
EndDialog
DrawTextW
DefWindowProcW
KillTimer
GetMessageW
ShowWindow
MessageBeep
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
GetMenu
GetWindowRect
ClientToScreen
UnhookWindowsHookEx
CharUpperW
MessageBoxA
LoadIconW
GetWindowDC
GetWindow
GetSysColor
PtInRect
DispatchMessageW
CopyImage
ReleaseDC
SendMessageW
GetWindowLongW
DrawIconEx
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
GetDC
ScreenToClient
CallNextHookEx
wsprintfA
SetTimer
CallWindowProcW
GetSystemMenu
DialogBoxIndirectParamW
EnableWindow
GetClientRect
GetWindowTextW
EnableMenuItem
SetWindowsHookExW
GetClassNameA
GetWindowTextLengthW
CreateWindowExW
wsprintfW
GetKeyState
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
RUSSIAN 5
ENGLISH US 2
PE resources
ExifTool file metadata
SpecialBuild Only for Windows 7 Home Basic
LegalTrademarks forum.oszone.net
SubsystemVersion 4.0
Comments Personalization Panel Installer
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.2.0.3
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Personalization Panel by Mr. dUSHA
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 33792
PrivateBuild 09.08.2011
EntryPoint 0x1382f
OriginalFileName Personalization Panel Installer
MIMEType application/octet-stream
LegalCopyright Mr. dUSHA
FileVersion 1.2.0 3
TimeStamp 2011:04:28 12:53:10+01:00
FileType Win32 EXE
PEType PE32
InternalName Personalization Panel Installer
ProductVersion 1.2.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 78336
ProductName Personalization Panel Installer
ProductVersionNumber 1.2.0.3
FileTypeExtension exe
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 f3a26dcdcf9e29bd74e71b065fb5da68
SHA1 4198f7aa11e33b5344c9074f3db855f2054be774
SHA256 962092128fb010fcd643eac6759cc1b55ff174b476463de0a1c490f87a5bf9c1
ssdeep 6144:AwSkOLSssWd3u+F5C2nYd+pmXD0BIBTcL5dkPkcTmXZW2dy/+aviS8QyrfpiGb/q:F2LSssmFs4btdkMcTqMcQyrfEGb/yB

authentihash b40bdcd5de65662849040ffea85ce14ac96dab93ab99fd9145e7374d522d126d
imphash 760fd261ec10f8a22c61d2a2c4d2af7d
File size 357.9 KB ( 366457 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe armadillo overlay

VirusTotal metadata
First submission 2011-08-13 15:57:50 UTC ( 7 years, 6 months ago )
Last submission 2019-01-26 20:45:17 UTC ( 3 weeks ago )
File names Personalization Panel Installer
Windows 7 Aero Pack.exe
windows7-starter-home-basic-arkaplan.exe
Windows 7 Aero Yama.exe
Unlock Aero By ahlamyusuf.exe
windows7 starter.exe
Win7 Aero Temaları Kullanma www.windows8li.com.exe
windows7-starter-home-basic-tema-yamasi-yusufpolat.com.tr.exe
Win7 Home Basic Starter Aero Temalar? Kullanma - www.hamdicatal.com.exe
smona131845620373346934412
aero.exe
windows7 AERO.exe
Personalization Panel v1.2 (Unlock Aero).exe
Window7-starter-kisisellestirme-menusu.exe
Masüstü Arkaplan Yazılımı.exe
windows7-starter-home-basic-tema-yamasi.exe
AERO TEMA WİN8.exe
Personalization_Panel_v1.2-spaces.ru.exe
13263039622510771301
Windows 7 Home Basic Tema.exe
windows7-starter-home-basic-tema-yamasi-Burhancan Yengi.exe
windows 7 home basic starter tema yamas windows7li.blogspot.com.exe
smona_962092128fb010fcd643eac6759cc1b55ff174b476463de0a1c490f87a5bf9c1.bin
Personalization Panel v1.2.exe
Windows 7 Starter Tema Eklenti Program?.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight