× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9c770f6222b2a1760b7dfd4755326594260c2eff5f774ec88d3d2c241018a3d9
File name: Easy2Boot v1.89.exe
Detection ratio: 7 / 59
Analysis date: 2017-02-15 10:37:53 UTC ( 8 months ago ) View latest
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20170215
Baidu Archive.Bomb 20170215
CrowdStrike Falcon (ML) malicious_confidence_89% (D) 20170130
DrWeb Program.Unwanted.1791 20170215
Panda Trj/CI.A 20170214
Sophos AV NirCmd (PUA) 20170215
Symantec Trojan.Gen.2 20170214
Ad-Aware 20170215
AhnLab-V3 20170215
Alibaba 20170215
ALYac 20170215
Antiy-AVL 20170215
Arcabit 20170215
Avast 20170215
AVG 20170215
Avira (no cloud) 20170215
AVware 20170215
BitDefender 20170215
Bkav 20170214
CAT-QuickHeal 20170215
ClamAV 20170215
CMC 20170215
Comodo 20170215
Cyren 20170215
Emsisoft 20170215
Endgame 20170208
ESET-NOD32 20170215
F-Prot 20170215
F-Secure 20170215
Fortinet 20170215
GData 20170215
Ikarus 20170215
Sophos ML 20170203
Jiangmin 20170215
K7AntiVirus 20170214
K7GW 20170215
Kaspersky 20170215
Kingsoft 20170215
Malwarebytes 20170215
McAfee 20170215
McAfee-GW-Edition 20170214
Microsoft 20170215
eScan 20170215
NANO-Antivirus 20170215
nProtect 20170215
Qihoo-360 20170215
Rising 20170215
SUPERAntiSpyware 20170215
Tencent 20170215
TheHacker 20170215
TrendMicro 20170215
Trustlook 20170215
VBA32 20170215
VIPRE 20170215
ViRobot 20170215
Webroot 20170215
WhiteArmor 20170202
Yandex 20170214
Zillya 20170214
Zoner 20170215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Unicode, ZIP, appended, UPX_LZMA, Aspack, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-02-15 08:00:37
Entry Point 0x00010F4C
Number of sections 4
PE sections
Overlays
MD5 4a65a68e67c96bdbf4c51e05af6ca319
File type application/zip
Offset 157184
Size 18124699
Entropy 7.94
PE imports
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
InitCommonControlsEx
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetCPInfo
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetFileAttributesW
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TzSpecificLocalTimeToSystemTime
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
IsWindow
SendMessageW
GetWindowRect
EnableWindow
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
MessageBoxW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
RegisterClassExW
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:02:15 09:00:37+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
114176

LinkerVersion
9.0

EntryPoint
0x10f4c

InitializedDataSize
41984

SubsystemVersion
5.0

ImageVersion
0.0

OSVersion
5.0

UninitializedDataSize
0

CarbonBlack CarbonBlack acts as a surveillance camera for computers
File identification
MD5 922ec78862fb4584f6e966ce8a5f5bc9
SHA1 0674822f954fdf4552b61261d772352fe1931bff
SHA256 9c770f6222b2a1760b7dfd4755326594260c2eff5f774ec88d3d2c241018a3d9
ssdeep
393216:viVrEiKw6POduhMsj/o12A56+nqVV7pZqiMIZvRx:6VrEiwO87o12L7f7Tq9CvP

authentihash 231a94d370d19694f7ba8d8c7207dd3ca014e29d4226d6fb9a144fc3ea8afe70
imphash f3173778f088ce2b56b8257bfe393419
File size 17.4 MB ( 18281883 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe aspack upx overlay

VirusTotal metadata
First submission 2017-02-08 21:04:16 UTC ( 8 months, 1 week ago )
Last submission 2017-10-16 00:35:20 UTC ( 1 day, 8 hours ago )
File names Easy2Boot v1.89.exe
Easy2Boot v1.89 (1).exe
Easy2Boot v1.89.exe
easy2boot v1.89.exe
Easy2Boot v1.89.exe
9C770F6222B2A1760B7DFD4755326594260C2EFF5F774EC88D3D2C241018A3D9.exe
Easy2Boot v1.89.exe
9C770F6222B2A1760B7DFD4755326594260C2EFF5F774EC88D3D2C241018A3D9.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs