SHA256: 9d95c7505fbe82dac10fa5904f34bf1de57394016943b1086c7c61ffc6a56664
File name: wolfram_win32_patch_1_1_en.exe
Detection ratio: 2 / 49
Analysis date: 2014-03-18 13:34:05 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Malwarebytes PUP.Optional.Miner 20140318
TheHacker Adware/EShoper.bd 20140314
Ad-Aware 20140318
Yandex 20140318
AhnLab-V3 20140318
AntiVir 20140318
Antiy-AVL 20140318
Avast 20140318
AVG 20140317
Baidu-International 20140318
BitDefender 20140318
Bkav 20140318
ByteHero 20140318
CAT-QuickHeal 20140318
ClamAV 20140318
CMC 20140313
Commtouch 20140318
Comodo 20140318
DrWeb 20140318
Emsisoft 20140318
ESET-NOD32 20140318
F-Prot 20140318
F-Secure 20140318
Fortinet 20140318
GData 20140318
Ikarus 20140318
Jiangmin 20140318
K7AntiVirus 20140318
K7GW 20140318
Kaspersky 20140318
Kingsoft 20140318
McAfee 20140318
McAfee-GW-Edition 20140318
Microsoft 20140318
eScan 20140318
NANO-Antivirus 20140318
Norman 20140318
nProtect 20140318
Panda 20140318
Qihoo-360 20140318
Rising 20140318
Sophos AV 20140318
SUPERAntiSpyware 20140318
Symantec 20140318
TotalDefense 20140318
TrendMicro 20140318
TrendMicro-HouseCall 20140318
VBA32 20140318
VIPRE 20140318
ViRobot 20140318
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product Wolfram Patch 1.1 Install Program
File version 2, 0, 0, 21
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-12-16 14:18:07
Entry Point 0x00022A10
Number of sections 3
PE sections
Overlays
MD5 a094172fa6d84e9c6f8f00f7688e1b51
File type data
Offset 64512
Size 2931621
Entropy 8.00
PE imports
RegCloseKey
BitBlt
LoadLibraryA
ExitProcess
GetProcAddress
SHGetMalloc
IsIconic
VerFindFileA
CoGetMalloc
Number of PE resources by type
RT_ICON 5
RT_DIALOG 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
PE resources
ExifTool file metadata
UninitializedDataSize 86016
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 2.0.0.21
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0x22a10
MIMEType application/octet-stream
FileVersion 2, 0, 0, 21
TimeStamp 2003:12:16 15:18:07+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 2, 0, 0, 21
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 53248
ProductName Wolfram Patch 1.1 Install Program
ProductVersionNumber 2.0.0.21
FileTypeExtension exe
ObjectFileType Executable application

Compressed bundles
File identification
MD5 68a52ce17b7732c4aa7298714c90c13c
SHA1 845036ae4f1bf2366f35677279b078720197735b
SHA256 9d95c7505fbe82dac10fa5904f34bf1de57394016943b1086c7c61ffc6a56664
ssdeep 49152:UCQtl7wCdeGtgYRgW/B2QuJmhRziJ9bUhPpJpvWAwl15v4ljCQQMt9vbMHga0UzR:U5tl7wBG6YRgNJ44JmPp2l1p4A49YHTN

authentihash 4a3e0f58b76425fdeb7e91c4a16a325e50d5c882c7c6e467cd1fb7749d00b41b
imphash dbafcd1eb78ccc1c29dad4e15bbcfab7
File size 2.9 MB ( 2996133 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2012-06-17 20:10:45 UTC ( 5 years, 6 months ago )
Last submission 2017-10-25 22:50:13 UTC ( 1 month, 3 weeks ago )
File names wolfram_win32_patch_1_1_en.exe
file-4113624_exe
wolfram_win32_patch_1_1_en.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.