× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9dda707ee0d0e8fcaa0d66010320e13faedee2abbc50908c4c54ed215815894f
File name: reboot.exe
Detection ratio: 0 / 42
Analysis date: 2012-08-28 19:34:39 UTC ( 4 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 20120826
AntiVir 20120827
Antiy-AVL 20120827
Avast 20120827
AVG 20120826
BitDefender 20120827
ByteHero 20120817
CAT-QuickHeal 20120827
ClamAV 20120827
Commtouch 20120827
Comodo 20120827
DrWeb 20120827
Emsisoft 20120827
eSafe 20120826
ESET-NOD32 20120826
F-Prot 20120827
F-Secure 20120827
Fortinet 20120827
GData 20120827
Ikarus 20120827
Jiangmin 20120827
K7AntiVirus 20120825
Kaspersky 20120827
McAfee 20120827
McAfee-GW-Edition 20120827
Microsoft 20120827
Norman 20120826
nProtect 20120827
Panda 20120826
PCTools 20120827
Rising 20120827
Sophos 20120827
SUPERAntiSpyware 20120826
Symantec 20120827
TheHacker 20120826
TotalDefense 20120826
TrendMicro 20120827
TrendMicro-HouseCall 20120827
VBA32 20120824
VIPRE 20120826
ViRobot 20120827
VirusBuster 20120826
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1997-11-12 00:08:21
Entry Point 0x00001030
Number of sections 5
PE sections
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
ExitProcess
IsBadWritePtr
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
DebugBreak
IsBadReadPtr
SetStdHandle
SetFilePointer
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
HeapValidate
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
OutputDebugStringA
TerminateProcess
HeapCreate
VirtualFree
InterlockedDecrement
GetFileType
HeapAlloc
GetVersion
VirtualAlloc
InterlockedIncrement
ExitWindowsEx
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
1997:11:12 01:08:21+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
55808

LinkerVersion
5.2

EntryPoint
0x1030

InitializedDataSize
31744

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 f2cf17694c7e6c5e432e3ca697527fed
SHA1 959d6b991a326bc886f360f7d67f5893f12f9f44
SHA256 9dda707ee0d0e8fcaa0d66010320e13faedee2abbc50908c4c54ed215815894f
ssdeep
1536:h4hMNreqfYP4S7G10J3z9a9OupGerRi/qxg:qhM9eqfi4YGmJ3Zarr+qxg

File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal

TrID Win32 Executable MS Visual C++ 4.x (69.2%)
Win32 Executable MS Visual C++ (generic) (19.3%)
Win32 Executable Generic (4.3%)
Win32 Dynamic Link Library (generic) (3.8%)
Win16/32 Executable Delphi generic (1.0%)
Tags
peexe installshield

VirusTotal metadata
First submission 2012-08-28 19:34:39 UTC ( 4 years, 7 months ago )
Last submission 2012-08-28 19:34:39 UTC ( 4 years, 7 months ago )
File names reboot.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!