SHA256: 9831be520ec7e59a773a9cadaaf5b79bd2dd057693363c7a5f378ac3ef09ca1f
File name: 9672210
Detection ratio: 24 / 68
Analysis date: 2018-06-21 05:05:10 UTC ( 10 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Symmi.70089 20180621
AegisLab Uds.Dangerousobject.Multi!c 20180621
Arcabit Trojan.Symmi.D111C9 20180621
BitDefender Gen:Variant.Symmi.70089 20180621
Bkav W32.HfsAutoB.9B08 20180620
CrowdStrike Falcon (ML) malicious_confidence_90% (W) 20180530
Cybereason malicious.ccbedc 20180225
Cylance Unsafe 20180621
Cyren W32/Trojan.KOSO-6996 20180621
Emsisoft Gen:Variant.Symmi.70089 (B) 20180621
Endgame malicious (high confidence) 20180612
F-Secure Gen:Variant.Symmi.70089 20180621
GData Gen:Variant.Symmi.70089 20180621
Kaspersky Trojan-Dropper.Win32.Delf.eicm 20180621
MAX malware (ai score=96) 20180621
McAfee Artemis!B6D1C94CCBED 20180621
McAfee-GW-Edition Artemis 20180621
Microsoft Trojan:Win32/Fuery.B!cl 20180621
eScan Gen:Variant.Symmi.70089 20180621
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180621
TrendMicro-HouseCall TROJ_GEN.R002H09FK18 20180621
Yandex Trojan.PWS.Phpw! 20180620
ZoneAlarm by Check Point Trojan-Dropper.Win32.Delf.eicm 20180621
AhnLab-V3 20180621
Alibaba 20180620
ALYac 20180621
Antiy-AVL 20180621
Avast 20180621
Avast-Mobile 20180620
AVG 20180621
Avira (no cloud) 20180620
AVware 20180621
Babable 20180406
Baidu 20180620
CAT-QuickHeal 20180620
ClamAV 20180621
CMC 20180621
Comodo 20180621
DrWeb 20180621
eGambit 20180621
ESET-NOD32 20180621
F-Prot 20180621
Fortinet 20180621
Ikarus 20180620
Sophos ML 20180601
Jiangmin 20180621
K7AntiVirus 20180620
K7GW 20180621
Kingsoft 20180621
Malwarebytes 20180621
NANO-Antivirus 20180621
Palo Alto Networks (Known Signatures) 20180621
Panda 20180620
Qihoo-360 20180621
Rising 20180621
Sophos AV 20180621
SUPERAntiSpyware 20180621
Symantec Mobile Insight 20180619
TACHYON 20180621
Tencent 20180621
TheHacker 20180621
TotalDefense 20180620
TrendMicro 20180621
Trustlook 20180621
VBA32 20180620
VIPRE 20180621
ViRobot 20180620
Webroot 20180621
Zillya 20180620
Zoner 20180620
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2008-2011 ashampoo Technology GmbH Co. KG
Product Ashampoo Burning Studio 2012
Original name burningstudio2012.exe
Internal name Ashampoo Burning Studio 2012
File version 10.0.15.206 (3610)
Description Ashampoo Burning Studio 2012
Signature verification The digital signature of the object did not verify.
Signing date 6:38 AM 6/21/2018
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-01 06:56:22
Entry Point 0x00834000
Number of sections 6
PE sections
Overlays
MD5 2fa36a0769b822e658deafa802165e82
File type data
Offset 3742720
Size 7992
Entropy 7.30
PE imports
Number of PE resources by type
RT_ICON 18
RT_GROUP_ICON 3
RT_DIALOG 1
RT_GROUP_CURSOR 1
RT_MANIFEST 1
RT_BITMAP 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 27
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 903680
ImageVersion 0.0
ProductName Ashampoo Burning Studio 2012
FileVersionNumber 10.0.15.206
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ashampoo Burning Studio 2012
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName burningstudio2012.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 10.0.15.206 (3610)
TimeStamp 2018:06:01 07:56:22+01:00
FileType Win32 EXE
PEType PE32
InternalName Ashampoo Burning Studio 2012
ProductVersion 10.0.15
SubsystemVersion 5.1
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright (C) 2008-2011 ashampoo Technology GmbH Co. KG
MachineType Intel 386 or later, and compatibles
CompanyName Ashampoo
CodeSize 736768
FileSubtype 0
ProductVersionNumber 10.0.15.206
EntryPoint 0x834000
ObjectFileType Executable application
File identification
MD5 b6d1c94ccbedc4fef39c29b9d9106476
SHA1 b08a5e06d0e1db65a992fb45652feef0288d687a
SHA256 9831be520ec7e59a773a9cadaaf5b79bd2dd057693363c7a5f378ac3ef09ca1f
ssdeep 98304:HlRk0EVa3n+Gtl+fPYOFCr9ziqfHP9E8oLIurNzJ+jddy:rkFm5MPYOkBmqPPC8urWC
authentihash 1f168944ee0e0ddf365c1020a241e23e45b082b0cae66c055ddb2ae2a973c58f
imphash 2eabe9054cad5152567f0699947a2c5b
File size 3.6 MB ( 3750712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe overlay
VirusTotal metadata
First submission 2018-06-20 21:05:58 UTC ( 10 months, 1 week ago )
Last submission 2018-06-20 21:05:58 UTC ( 10 months, 1 week ago )
File names Ashampoo Burning Studio 2012
9672210
kball.exe
burningstudio2012.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Shell commands
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.