SHA256: 98e0b0e15f8a31f80a5df293648e1ccf2db3deabc55b05e5e69dfa1a07ccca7f
File name: SAB_Windows.exe
Detection ratio: 5 / 46
Analysis date: 2013-01-11 16:33:26 UTC ( 1 year, 3 months ago )
Antivirus Result Update
Antiy-AVL Backdoor/Win32.Swrort.gen 20130111
Jiangmin Backdoor.Generic.txp 20121221
TheHacker Backdoor/Swrort.xx 20130109
VBA32 Backdoor.Swrort.rr 20130111
ViRobot Backdoor.Win32.A.Swrort.175104 20130111
AVG 20130111
Agnitum 20130111
AhnLab-V3 20130111
AntiVir 20130107
Avast 20130111
BitDefender 20130111
ByteHero 20121226
CAT-QuickHeal 20130111
ClamAV 20130111
Commtouch 20130111
Comodo 20130111
DrWeb 20130111
ESET-NOD32 20130111
Emsisoft 20130111
F-Prot 20130111
F-Secure 20130111
Fortinet 20130111
GData 20130111
Ikarus 20130111
K7AntiVirus 20130111
Kaspersky 20130111
Kingsoft 20130107
Malwarebytes 20130111
McAfee 20130111
McAfee-GW-Edition 20130111
MicroWorld-eScan 20130111
Microsoft 20130111
NANO-Antivirus 20130111
Norman 20130111
PCTools 20130111
Panda 20130111
Rising 20130110
SUPERAntiSpyware 20130111
Sophos 20130111
Symantec 20130111
TotalDefense 20130111
TrendMicro 20130111
TrendMicro-HouseCall 20130111
VIPRE 20130111
eSafe 20130110
nProtect 20130111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-25 09:26:27
Entry Point 0x000090A5
Number of sections 5
PE sections
PE imports
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
FindClose
TlsGetValue
SetLastError
PeekNamedPipe
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
LoadLibraryExA
SetConsoleCtrlHandler
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
SetEnvironmentVariableW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetProcAddress
GetProcessHeap
CompareStringW
GetFileInformationByHandle
FindFirstFileExA
FindNextFileA
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
GetConsoleCP
GetEnvironmentStringsW
RemoveDirectoryA
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
CreateProcessW
Sleep
Ord(14)
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:05:25 10:26:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77312
LinkerVersion 10.0
EntryPoint 0x90a5
InitializedDataSize 104960
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0
File identification
MD5 7b6889f78f644822be28d626e9b3e6b1
SHA1 e28efe012f6f383ad717de9e254567a1540e0da0
SHA256 98e0b0e15f8a31f80a5df293648e1ccf2db3deabc55b05e5e69dfa1a07ccca7f
ssdeep 196608:55PqzgMS4yM/BVqtRHT7NvIWkssUlOkZdzse8IQsretIgGL5gCz:fPqza4yM/BcTxwysUFKe8Kyt4gCz
File size 10.0 MB ( 10486995 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
Tags peexe
VirusTotal metadata
First submission 2013-01-11 16:33:26 UTC ( 1 year, 3 months ago )
Last submission 2013-01-16 22:39:25 UTC ( 1 year, 3 months ago )
File names file-5000180_exe
SAB_Windows.exe
SAB_Windows.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight