SHA256: 9c95029e2ee4975d991fcc0316ff6f73544662d199acd16e16b786240d63c427
File name: notepad.exe
Detection ratio: 2 / 43
Analysis date: 2012-03-18 07:25:59 UTC (7 years ago)
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Lmirhack 20120317
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.J 20120317
AntiVir 20120316
Antiy-AVL 20120318
Avast 20120317
AVG 20120317
BitDefender 20120318
ByteHero 20120316
CAT-QuickHeal 20120317
ClamAV 20120317
Commtouch 20120317
Comodo 20120318
DrWeb 20120318
Emsisoft 20120318
eSafe 20120315
eTrust-Vet 20120316
F-Prot 20120317
F-Secure 20120318
Fortinet 20120318
GData 20120318
Ikarus 20120318
Jiangmin 20120317
K7AntiVirus 20120316
Kaspersky 20120318
McAfee 20120318
Microsoft 20120318
NOD32 20120318
Norman 20120316
nProtect 20120317
Panda 20120317
PCTools 20120314
Prevx 20120318
Rising 20120316
Sophos AV 20120318
SUPERAntiSpyware 20120317
Symantec 20120318
TheHacker 20120318
TrendMicro 20120318
TrendMicro-HouseCall 20120318
VBA32 20120316
VIPRE 20120318
ViRobot 20120317
VirusBuster 20120316
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher www.inFocusGame.com
Product inFocusGame
Version 0.04
Original name notepad.exe
Internal name notepad
File version 0.04
Comments www.inFocusGame.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-01 08:31:11
Entry Point 0x000235C2
Number of sections 6
PE sections
PE imports
_adj_fdivr_m64
__vbaGenerateBoundsError
__vbaInputFile
_adj_fprem
Ord(301)
__vbaVarAnd
__vbaForEachCollObj
_adj_fdiv_r
_allmul
__vbaChkstk
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
_CIlog
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaLateIdCall
Ord(306)
Ord(608)
__vbaFreeStr
__vbaFreeStrList
_adj_fdiv_m16i
__vbaExceptHandler
EVENT_SINK_QueryInterface
Ord(607)
__vbaStrToUnicode
_adj_fdiv_m32i
Ord(307)
__vbaSetSystemError
DllFunctionCall
__vbaVarTstLt
__vbaFreeVar
__vbaBoolVarNull
__vbaFileOpen
Ord(571)
__vbaLsetFixstr
__vbaVarTstEq
Ord(304)
__vbaOnError
_adj_fdivr_m32i
__vbaStrCat
__vbaVarDup
_adj_fdiv_m32
EVENT_SINK_Release
__vbaStrCmp
__vbaBoolVar
__vbaFreeObjList
__vbaVarCmpGt
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(626)
__vbaCastObj
__vbaVarOr
__vbaVarTstNe
__vbaLateMemCallLd
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
__vbaVarTstGt
_CIcos
Ord(303)
__vbaVarMove
Ord(310)
__vbaErrorOverflow
__vbaNew2
__vbaR8IntI4
__vbaLateIdSt
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
__vbaWriteFile
Ord(535)
__vbaLenVar
__vbaEnd
Ord(685)
__vbaVarCmpEq
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarForInit
Ord(300)
__vbaVarVargNofree
__vbaStrCopy
__vbaFPException
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
Ord(599)
__vbaCastObjVar
Ord(534)
__vbaNextEachCollObj
Ord(309)
_CIsin
_CIsqrt
_CIatan
Ord(529)
__vbaObjSet
__vbaVarCmpLt
Ord(312)
__vbaVarCat
_CIexp
__vbaStrToAnsi
__vbaFpR4
_CItan
LocalFree
LocalAlloc
GetModuleHandleA
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleFileNameA
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments www.inFocusGame.com
InitializedDataSize 8192
ImageVersion 0.4
ProductName inFocusGame
FileVersionNumber 0.4.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
LinkerVersion 6.0
FileOS Win32
MIMEType application/octet-stream
FileVersion 0.04
TimeStamp 2012:03:01 09:31:11+01:00
FileType Win32 EXE
PEType PE32
InternalName notepad
ProductVersion 0.04
SubsystemVersion 4.0
OSVersion 4.0
OriginalFilename notepad.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName www.inFocusGame.com
CodeSize 77824
FileSubtype 0
ProductVersionNumber 0.4.0.0
EntryPoint 0x235c2
ObjectFileType Executable application

Compressed bundles
File identification
MD5 43ad33fdd9339f79f9307c2ead483a9a
SHA1 912c8d6a127dd3594bfbf63453cc5a8b52b0bd95
SHA256 9c95029e2ee4975d991fcc0316ff6f73544662d199acd16e16b786240d63c427
ssdeep 1536:rZWVu9MbnKtJ0xx4Y9SS0RwExfq50k90wVpvKkmKDRSSrvwZXyp7Nb9OdlkGfzu:rIETtJcGwF3T7mQfTwQXwlkGfqwSSwW
File size 164.0 KB ( 167936 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags peexe
VirusTotal metadata
First submission 2012-03-18 07:25:59 UTC ( 7 years ago )
Last submission 2013-09-14 01:11:41 UTC ( 5 years, 6 months ago )
File names notepad
smona_9c95029e2ee4975d991fcc0316ff6f73544662d199acd16e16b786240d63c427.bin
notepad.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight