SHA256: 98bce1f64af44e25cbd3b7c96609c8c303baea0c8caea981fc31d8b232fcd9fa
File name: 7b58da3ee6e03cc8455e09e35b7b8cfa135d4469
Detection ratio: 4 / 56
Analysis date: 2014-12-18 00:50:07 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Avira (no cloud) TR/Crypt.ZPACK.114779 20141218
ESET-NOD32 Win32/Spy.Zbot.ACB 20141218
Norman Simda.TLI 20141217
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141217
Ad-Aware 20141218
AegisLab 20141217
Yandex 20141217
AhnLab-V3 20141217
ALYac 20141217
Antiy-AVL 20141217
Avast 20141217
AVG 20141217
AVware 20141218
Baidu-International 20141217
BitDefender 20141217
Bkav 20141217
ByteHero 20141218
CAT-QuickHeal 20141216
ClamAV 20141218
CMC 20141215
Comodo 20141218
Cyren 20141218
DrWeb 20141218
Emsisoft 20141218
F-Prot 20141218
F-Secure 20141217
Fortinet 20141217
GData 20141217
Ikarus 20141217
Jiangmin 20141217
K7AntiVirus 20141217
K7GW 20141217
Kaspersky 20141218
Kingsoft 20141218
Malwarebytes 20141217
McAfee 20141217
McAfee-GW-Edition 20141217
Microsoft 20141218
eScan 20141218
NANO-Antivirus 20141217
nProtect 20141217
Panda 20141217
Qihoo-360 20141218
Sophos AV 20141218
SUPERAntiSpyware 20141217
Symantec 20141218
Tencent 20141218
TheHacker 20141217
TotalDefense 20141218
TrendMicro 20141218
TrendMicro-HouseCall 20141217
VBA32 20141217
VIPRE 20141218
ViRobot 20141217
Zillya 20141216
Zoner 20141216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Corel Corporation. All rights reserved.
Product Corel Corporation Bootstrap Uninstaller
Original name Uninst.exe
Internal name Uninst.exe
File version 1.1.0.1
Description Corel Corporation Bootstrap Uninstaller
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-17 19:45:03
Entry Point 0x00001080
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExW
GetEnhMetaFileA
AddFontResourceA
DeleteEnhMetaFile
CreateMetaFileA
GetBkMode
GdiFlush
EndPath
GetEnhMetaFileW
GetLayout
DeleteDC
GdiGetBatchLimit
SetBkMode
EndDoc
DeleteObject
FillPath
CreateHalftonePalette
GetFontLanguageInfo
CreateMetaFileW
CreatePatternBrush
GetDCBrushColor
GetColorSpace
DeleteColorSpace
AbortPath
GetDCPenColor
GetGraphicsMode
SetTextAlign
CreateCompatibleDC
GetBkColor
CloseEnhMetaFile
FlattenPath
EndPage
CloseFigure
SelectObject
CancelDC
CreateSolidBrush
BeginPath
AbortDoc
DeleteMetaFile
GetLastError
GetDriveTypeW
VirtualAllocEx
LoadLibraryA
lstrlenA
GetFileAttributesA
GetDriveTypeA
HeapAlloc
VirtualProtect
FlushFileBuffers
GetFileAttributesW
lstrlenW
GetStartupInfoA
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetCommandLineA
GetProcessHeap
SetStdHandle
GetCPInfo
GetStringTypeA
GetModuleHandleA
GetCurrentThreadId
GetStringTypeW
GetModuleHandleW
GetTimeZoneInformation
InitializeCriticalSection
GlobalAlloc
Sleep
GetTickCount
GetVersion
GetParent
UpdateWindow
LoadBitmapW
ShowWindow
LoadBitmapA
GetSystemMetrics
IsWindow
DestroyIcon
GetSysColor
SendMessageW
GetDC
GetKeyState
GetMenu
IsWindowVisible
SendMessageA
GetDlgItem
EnableMenuItem
LoadIconA
IsDlgButtonChecked
LoadCursorW
LoadIconW
DestroyWindow
timeGetTime
CoInitializeEx
CoUninitialize
ReleaseStgMedium
CoRegisterClassObject
CoCreateInstanceEx
CLSIDFromString
Number of PE resources by type
RT_STRING 8
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 3
RT_MENU 2
RT_GROUP_CURSOR 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
HEBREW DEFAULT 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.1.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Corel Corporation Bootstrap Uninstaller
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 48128
EntryPoint 0x1080
OriginalFileName Uninst.exe
MIMEType application/octet-stream
LegalCopyright Corel Corporation. All rights reserved.
FileVersion 1.1.0.1
TimeStamp 2014:12:17 20:45:03+01:00
FileType Win32 EXE
PEType PE32
InternalName Uninst.exe
ProductVersion 1.1.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Corel Corporation
CodeSize 206848
ProductName Corel Corporation Bootstrap Uninstaller
ProductVersionNumber 1.1.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 eda5f8b4f8ff94fde8996a773e23bd57
SHA1 7b58da3ee6e03cc8455e09e35b7b8cfa135d4469
SHA256 98bce1f64af44e25cbd3b7c96609c8c303baea0c8caea981fc31d8b232fcd9fa
ssdeep 3072:OKm+vOB3I3AU7rAHmetd64xwfJ32/Tf2HB6SiJaDDZ7cGPjyq9xC+A4sLGU5YSnW:DmI3F7cGeeQ/Tf2HY5Jp8jyq9cOgu
authentihash 3dae3c9f2b656164ecc69b035dc43bcc21fdcdc73ecb4360db4c33396d2feb19
imphash 2e14d8e52834d2852c9aba7c27822d06
File size 249.5 KB ( 255488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags peexe
VirusTotal metadata
First submission 2014-12-18 00:50:07 UTC ( 4 years, 3 months ago )
Last submission 2014-12-18 00:50:07 UTC ( 4 years, 3 months ago )
File names 7b58da3ee6e03cc8455e09e35b7b8cfa135d4469
Uninst.exe
98bce1f64af44e25cbd3b7c96609c8c303baea0c8caea981fc31d8b232fcd9fa.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.