SHA256: 9b6b468ff47daf5533e36405aede63b4499eff0ffd0f77708ef7a37380a1e4c3
File name: 1345624923-zipphotos_inst.exe
Detection ratio: 2 / 56
Analysis date: 2016-03-26 05:48:05 UTC ( 2 years, 11 months ago )
Antivirus Result Update
CMC AdWare.Win32.SaveNow!O 20160322
Kingsoft Win32.Troj.Generic.(kcloud) 20160326
Ad-Aware 20160326
AegisLab 20160326
Yandex 20160316
AhnLab-V3 20160325
Alibaba 20160323
ALYac 20160326
Antiy-AVL 20160326
Arcabit 20160326
Avast 20160326
AVG 20160326
AVware 20160326
Baidu 20160325
Baidu-International 20160325
BitDefender 20160326
Bkav 20160325
ByteHero 20160326
CAT-QuickHeal 20160325
ClamAV 20160325
Comodo 20160326
Cyren 20160326
DrWeb 20160326
Emsisoft 20160326
ESET-NOD32 20160325
F-Prot 20160326
Fortinet 20160326
GData 20160326
Ikarus 20160325
Jiangmin 20160326
K7AntiVirus 20160325
K7GW 20160323
Kaspersky 20160326
Malwarebytes 20160326
McAfee 20160326
McAfee-GW-Edition 20160326
Microsoft 20160326
eScan 20160326
NANO-Antivirus 20160326
nProtect 20160325
Panda 20160325
Qihoo-360 20160326
Rising 20160326
Sophos AV 20160326
SUPERAntiSpyware 20160326
Symantec 20160326
Tencent 20160326
TheHacker 20160325
TotalDefense 20160326
TrendMicro 20160326
TrendMicro-HouseCall 20160326
VBA32 20160325
VIPRE 20160326
ViRobot 20160326
Zillya 20160325
Zoner 20160326
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO, appended, Aspack, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BED8
Number of sections 8
PE sections
Overlays
MD5 22e9188a5c8ff884a9af5503647d313c
File type data
Offset 61440
Size 1718838
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
InitCommonControls
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCPInfo
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
GetSystemMetrics
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
CharNextA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 46592
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 16384
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint 0xbed8
OSVersion 1.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 f762bb8f3a17b0d40fab7a4dcb4e4843
SHA1 cd9a87c68cfd4910d8944f82858e59483f7a7646
SHA256 9b6b468ff47daf5533e36405aede63b4499eff0ffd0f77708ef7a37380a1e4c3
ssdeep 49152:Qo9w4kVAOuA7RWPztj9svhzL0nMIecz+3xtvoWwAW5:Qo9w4ks3tjQzLMecS3LvfrW5

authentihash 7afeea50339a23f453c5b2a9325a5f6bd6a453e290f8a25f20cd4d2fcbe2a738
imphash 0c97c38021e73ae3921565566bcfaa66
File size 1.7 MB ( 1780278 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags
peexe aspack overlay

VirusTotal metadata
First submission 2011-10-03 10:19:31 UTC ( 7 years, 4 months ago )
Last submission 2018-07-15 21:53:58 UTC ( 7 months, 1 week ago )
File names 1345624923-zipphotos_inst.exe
1414790640-zipphotos_inst.exe
9B6B468FF47DAF5533E36405AEDE63B4499EFF0FFD0F77708EF7A37380A1E4C3.exe
zipphotos_inst.exe
f762bb8f3a17b0d40fab7a4dcb4e4843
122911
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight