× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9a00ea31c6e7185c2f986e6826049419c02ea9be0e241da21d8dfdd9154b2486
File name: Zip.SFX
Detection ratio: 0 / 65
Analysis date: 2017-10-09 12:16:12 UTC ( 2 months ago )
Antivirus Result Update
Ad-Aware 20171009
AegisLab 20171009
AhnLab-V3 20171009
Alibaba 20170911
ALYac 20171009
Antiy-AVL 20171009
Arcabit 20171009
Avast 20171009
Avast-Mobile 20171009
AVG 20171009
Avira (no cloud) 20171009
AVware 20171009
Baidu 20170930
BitDefender 20171009
Bkav 20171009
CAT-QuickHeal 20171009
ClamAV 20171009
CMC 20171009
Comodo 20171009
CrowdStrike Falcon (ML) 20170804
Cylance 20171009
Cyren 20171009
DrWeb 20171009
Emsisoft 20171009
Endgame 20170821
ESET-NOD32 20171009
F-Prot 20171009
F-Secure 20171009
Fortinet 20171009
GData 20171009
Ikarus 20171009
Sophos ML 20170914
Jiangmin 20171009
K7AntiVirus 20171009
K7GW 20171009
Kaspersky 20171009
Kingsoft 20171009
Malwarebytes 20171009
MAX 20171009
McAfee 20171009
McAfee-GW-Edition 20171009
Microsoft 20171009
eScan 20171009
NANO-Antivirus 20171009
nProtect 20171009
Palo Alto Networks (Known Signatures) 20171009
Panda 20171008
Qihoo-360 20171009
Rising 20171009
SentinelOne (Static ML) 20171001
Sophos AV 20171009
SUPERAntiSpyware 20171009
Symantec 20171009
Symantec Mobile Insight 20171006
Tencent 20171009
TheHacker 20171007
TrendMicro 20171009
TrendMicro-HouseCall 20171009
Trustlook 20171009
VBA32 20171009
VIPRE 20171009
ViRobot 20171009
Webroot 20171009
WhiteArmor 20170927
Yandex 20171006
Zillya 20171009
ZoneAlarm by Check Point 20171009
Zoner 20171009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-02-17 14:55:26
Entry Point 0x00009F40
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
SetFilePointer
GetLastError
HeapFree
GetStdHandle
SystemTimeToFileTime
CreateFileMappingW
ReadFile
FileTimeToSystemTime
GetModuleFileNameW
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
FindFirstFileW
CompareStringW
GetTickCount
SetFileTime
GetFileAttributesW
GetCommandLineW
IsDBCSLeadByte
FileTimeToLocalFileTime
OpenFileMappingW
GetDateFormatW
CreateDirectoryA
DeleteFileA
GetCPInfo
ExitProcess
MultiByteToWideChar
MapViewOfFile
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetFullPathNameA
GetTimeFormatW
SetFileAttributesW
DosDateTimeToFileTime
CloseHandle
WideCharToMultiByte
GetFileAttributesA
MoveFileExW
ExpandEnvironmentStringsW
FindNextFileW
SetEndOfFile
WriteFile
FindFirstFileA
FindNextFileA
SetEnvironmentVariableW
HeapReAlloc
GetModuleHandleW
SetFileAttributesA
FreeLibrary
GetFileType
GetTempPathW
GetCurrentDirectoryW
LoadLibraryW
SetCurrentDirectoryW
UnmapViewOfFile
FindResourceW
CreateFileW
GlobalAlloc
LocalFileTimeToFileTime
FindClose
Sleep
MoveFileW
GetFullPathNameW
CreateFileA
HeapAlloc
GetLocaleInfoW
GetNumberFormatW
SetLastError
CompareStringA
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
SetFocus
MapWindowPoints
GetParent
UpdateWindow
EndDialog
LoadBitmapW
DefWindowProcW
CopyRect
GetWindowTextW
GetMessageW
MessageBoxW
GetSystemMetrics
SetWindowPos
wvsprintfW
CharToOemBuffA
SetWindowLongW
OemToCharBuffA
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
wvsprintfA
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
CreateWindowExW
ReleaseDC
DestroyIcon
ShowWindow
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
IsWindow
OemToCharA
PeekMessageW
CharUpperA
GetClassNameW
EnableWindow
SetWindowTextW
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
DispatchMessageW
GetWindowLongW
SetForegroundWindow
DestroyWindow
CharToOemA
CreateStreamOnHGlobal
OleUninitialize
CoCreateInstance
OleInitialize
CLSIDFromString
Number of PE resources by type
RT_DIALOG 6
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 19
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:02:17 15:55:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
53760

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
160256

SubsystemVersion
5.0

EntryPoint
0x9f40

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
Compressed bundles
File identification
MD5 d7a6f6809b50d380f00e820096694562
SHA1 fddb920e213a363dcc517764de193c75f75256b5
SHA256 9a00ea31c6e7185c2f986e6826049419c02ea9be0e241da21d8dfdd9154b2486
ssdeep
1536:Kwh1oDCl94obAAHYS7+MAwep6m0AiiipzG0ZJyHi1U3/e:OCl94YVFleTiiipzG0ZEH48/e

authentihash bde8d71f351b5a4d76b4b17275be47853ef533b4c3b95770d2acb53b28aea09b
imphash fe665f2b5496671c416fff0c4aa96adf
File size 78.0 KB ( 79872 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2012-02-20 16:52:25 UTC ( 5 years, 9 months ago )
Last submission 2017-10-09 12:16:12 UTC ( 2 months ago )
File names sbs_ve_ambr_20160619145836.500_ 517
sbs_ve_ambr_20160127201052.468_ 421
ZipEn.SFX
sbs_ve_ambr_20160303200820.324_ 613
Zip_ENG.SFX
sbs_ve_ambr_20160619145834.687_ 399
sbs_ve_ambr_20160011170629.078_ 399
zip.sfx
d7a6f6809b50d380f00e820096694562
057544d847405065ab42513deabe7b83_ZipEn.SFX.safe
sbs_ve_ambr_20160127201054.250_ 539
sbs_ve_ambr_20160003202801.525_ 704
sbs_ve_ambr_20151126200804.648_ 607
exe_d7a6f6809b50d380f00e820096694562
ZIP.SFX
sbs_ve_ambr_20150903203802.142_ 660
BFAFAA2400A971E738B901C6F85516006B973322.sfx
sbs_ve_ambr_20160011170631.703_ 517
{c82dd554-7551-4445-ae4c-741ea9d65d9e}
Zip.SFX
sbs_ve_ambr_20150911203954.180_ 660
sbs_ve_ambr_20160307200123.031_ 517
sbs_ve_ambr_20160210200242.569_ 399
sbs_ve_ambr_20160103200133.909_ 399
smona_9a00ea31c6e7185c2f986e6826049419c02ea9be0e241da21d8dfdd9154b2486.bin
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!