SHA256: 9ebb04a1333c89874350cb06ac7e7bafd5c88379cf27201629f2db9b5a0e4a5c
File name: coder.exe
Detection ratio: 6 / 54
Analysis date: 2014-08-21 09:02:46 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Yandex Trojan.Agent!BIhxrIe8KUM 20140821
CMC Generic.Win32.ad35207384!CMCRadar 20140820
Kingsoft Win32.Troj.flat.a.(kcloud) 20140821
McAfee Artemis!AD352073841F 20140821
Symantec WS.Reputation.1 20140821
TrendMicro-HouseCall Suspicious_GEN.F47V0724 20140821
Ad-Aware 20140821
AegisLab 20140821
AhnLab-V3 20140821
AntiVir 20140821
Antiy-AVL 20140821
Avast 20140821
AVG 20140821
AVware 20140821
Baidu-International 20140820
BitDefender 20140821
Bkav 20140820
ByteHero 20140821
CAT-QuickHeal 20140821
ClamAV 20140821
Commtouch 20140821
Comodo 20140821
DrWeb 20140821
Emsisoft 20140821
ESET-NOD32 20140821
F-Prot 20140821
F-Secure 20140821
Fortinet 20140821
GData 20140821
Ikarus 20140821
Jiangmin 20140821
K7AntiVirus 20140820
K7GW 20140820
Kaspersky 20140821
Malwarebytes 20140821
McAfee-GW-Edition 20140820
Microsoft 20140821
eScan 20140821
NANO-Antivirus 20140821
Norman 20140821
nProtect 20140820
Panda 20140821
Qihoo-360 20140821
Rising 20140820
Sophos 20140821
SUPERAntiSpyware 20140821
Tencent 20140821
TheHacker 20140817
TotalDefense 20140820
TrendMicro 20140821
VBA32 20140820
VIPRE 20140821
ViRobot 20140821
Zillya 20140821
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT Thinstal
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-11-10 05:00:08
Entry Point 0x00001A83
Number of sections 1
PE sections
PE imports
GetLastError
HeapFree
GetModuleFileNameW
HeapAlloc
VirtualProtect
LoadLibraryA
lstrlenW
GetFileSize
SetEnvironmentVariableW
DeleteFileW
GetProcAddress
GetProcessHeap
lstrcpynW
SetFilePointer
lstrcpyW
WideCharToMultiByte
MapViewOfFile
GetModuleHandleA
ReadFile
CloseHandle
GetSystemTimeAsFileTime
CreateFileMappingA
UnmapViewOfFile
CreateFileW
VirtualFree
Sleep
FormatMessageA
GetFullPathNameW
ExitProcess
VirtualAlloc
GetEnvironmentVariableW
SetLastError
MoveFileW
MessageBoxA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:11:10 06:00:08+01:00
FileType Win32 EXE
PEType PE32
CodeSize 6656
LinkerVersion 6.0
FileAccessDate 2014:08:07 09:55:45+01:00
EntryPoint 0x1a83
InitializedDataSize 0
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:08:07 09:55:45+01:00
UninitializedDataSize 0

File identification
MD5 ad352073841f20d2e7478fef202c5e3e
SHA1 e6a7cb97029379d7a6697e35ab0e25a87d289045
SHA256 9ebb04a1333c89874350cb06ac7e7bafd5c88379cf27201629f2db9b5a0e4a5c
ssdeep 192:Z14EVAtR5JmdAwbv/IO1Mi2/wxYoPr5mMs:Zl6tR5JmTxk/wxYoD5mM
imphash b940cadb80c6ab17c0d6c9725b30af77
File size 7.5 KB ( 7680 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.7%)
Generic Win/DOS Executable (23.4%)
DOS Executable Generic (23.3%)
VXD Driver (0.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-07-24 08:49:45 UTC ( 2 years, 10 months ago )
Last submission 2014-07-24 08:49:45 UTC ( 2 years, 10 months ago )
File names coder.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files