SHA256: 9cc7baa0756743cebbcd7fab977495e652bda32762e9c1b8367aa38fdfaf5440
File name: F7C0314FB0FBD52AF9D4D721B2C897A2.exe
Detection ratio: 15 / 43
Analysis date: 2011-07-25 07:16:29 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AVG SHeur3.CKZT 20110724
AntiVir TR/Agent.ARZW 20110725
Avast Win32:Malware-gen 20110724
Avast5 Win32:Malware-gen 20110724
BitDefender Trojan.Agent.ARZW 20110725
Comodo TrojWare.Win32.Trojan.XPACK.Gen 20110725
Emsisoft Trojan-Dropper.Agent!IK 20110725
F-Secure Trojan.Agent.ARZW 20110725
GData Trojan.Agent.ARZW 20110725
Ikarus Trojan-Dropper.Agent 20110725
Kaspersky HEUR:Trojan.Win32.Generic 20110725
McAfee Artemis!F7C0314FB0FB 20110725
McAfee-GW-Edition Artemis!F7C0314FB0FB 20110724
NOD32 a variant of Win32/Kryptik.QQC 20110725
Sophos Mal/Generic-L 20110725
AhnLab-V3 20110724
Antiy-AVL 20110725
CAT-QuickHeal 20110725
ClamAV 20110724
Commtouch 20110724
DrWeb 20110725
F-Prot 20110724
Fortinet 20110725
Jiangmin 20110724
K7AntiVirus 20110722
Microsoft 20110725
Norman 20110723
PCTools 20110725
Panda 20110724
Prevx 20110725
Rising 20110725
SUPERAntiSpyware 20110724
Symantec 20110725
TheHacker 20110724
TrendMicro 20110725
TrendMicro-HouseCall 20110725
VBA32 20110725
VIPRE 20110725
ViRobot 20110725
VirusBuster 20110724
eSafe 20110724
eTrust-Vet 20110722
nProtect 20110725
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright © Sobs Sift 1997-2011

Publisher Comma Stone
Product Picks Air
Original name Baby.exe
Internal name Wolff Diets Cowboy Mig
File version 2.5
Description Signs Blast Egypt Avery
Packers identified
Command UPX
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-11-10 11:21:46
Link date 12:21 PM 11/10/2005
Entry Point 0x00091320
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
GetFocus
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
5.12

ImageVersion
4.0

FileSubtype
0

FileVersionNumber
2.5.0.0

UninitializedDataSize
389120

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
4096

FileOS
Windows NT 32-bit

MIMEType
application/octet-stream

LegalCopyright
Copyright Sobs Sift 1997-2011

FileVersion
2.5

TimeStamp
2005:11:10 12:21:46+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Wolff Diets Cowboy Mig

FileAccessDate
2014:06:19 15:26:31+01:00

ProductVersion
2.5

FileDescription
Signs Blast Egypt Avery

OSVersion
4.0

FileCreateDate
2014:06:19 15:26:31+01:00

OriginalFilename
Baby.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Comma Stone

CodeSize
204800

ProductName
Picks Air

ProductVersionNumber
2.5.0.0

EntryPoint
0x91320

ObjectFileType
Executable application

File identification
MD5 f7c0314fb0fbd52af9d4d721b2c897a2
SHA1 a7e1ce85e6a218f6367efc4ab5b660660c2a4d56
SHA256 9cc7baa0756743cebbcd7fab977495e652bda32762e9c1b8367aa38fdfaf5440
ssdeep
6144:3PSdBxh5LITwaDMVXm1lrnu3vroMUVoTlz:ChNIUaDMV29VmJz

imphash 949380538ef530de61d0a7497ada97f9
File size 200.0 KB ( 204800 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2011-07-23 20:07:40 UTC ( 2 years, 11 months ago )
Last submission 2014-06-19 14:24:11 UTC ( 3 weeks, 1 day ago )
File names F7C0314FB0FBD52AF9D4D721B2C897A2.bin
vf4e2ad6800e566_2011723171112.ex
svdhalp.exe
Baby.exe
vf4e2ad6800e566_2011723171112.exe
vf4e2ad6800e5662011723171112.exe
F7C0314FB0FBD52AF9D4D721B2C897A2.EXE
921888
vti-rescan
f7c0314fb0fbd52af9d4d721b2c897a2.exe
Wolff Diets Cowboy Mig
f7c0314fb0fbd52af9d4d721b2c897a2
F7C0314FB0FBD52AF9D4D721B2C897A2.exe
file-2649122_exe
F7C0314FB0FBD52AF9D4D721B2C897A2_delphi_dl.exe
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
