SHA256: 9fe90c42605e5ec07db514822c39736288635a30f471024df8ed6c599b672a32
File name: 7c9a461e47a85ce875749d10e0c15c7e25d57975
Detection ratio: 2 / 54
Analysis date: 2014-12-20 00:42:48 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Norman Simda.TLI 20141219
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20141218
Ad-Aware 20141219
AegisLab 20141219
Yandex 20141217
AhnLab-V3 20141217
ALYac 20141219
Antiy-AVL 20141218
Avast 20141219
AVG 20141219
Avira (no cloud) 20141219
AVware 20141219
Baidu-International 20141218
BitDefender 20141219
ByteHero 20141220
CAT-QuickHeal 20141218
ClamAV 20141219
Comodo 20141219
Cyren 20141219
DrWeb 20141219
Emsisoft 20141219
ESET-NOD32 20141219
F-Prot 20141219
F-Secure 20141219
Fortinet 20141219
GData 20141219
Ikarus 20141219
Jiangmin 20141218
K7AntiVirus 20141218
K7GW 20141219
Kaspersky 20141219
Kingsoft 20141220
Malwarebytes 20141219
McAfee 20141219
McAfee-GW-Edition 20141218
Microsoft 20141219
eScan 20141218
NANO-Antivirus 20141219
nProtect 20141218
Panda 20141217
Qihoo-360 20141220
Sophos AV 20141219
SUPERAntiSpyware 20141218
Symantec 20141219
Tencent 20141220
TheHacker 20141219
TotalDefense 20141219
TrendMicro 20141219
TrendMicro-HouseCall 20141219
VBA32 20141218
VIPRE 20141219
ViRobot 20141219
Zillya 20141218
Zoner 20141216
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Corel Corporation. All rights reserved.
Publisher Corel Corporation
Product Corel Corporation Bootstrap Unaler
Original name Unint.exe
Internal name Unist.exe
File version 1.1.0.1
Description Corel Corporation Bootstrap Unnstaller
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-12-19 07:35:24
Entry Point 0x00001000
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegQueryValueExW
GetEnhMetaFileA
DeleteEnhMetaFile
CreateHalftonePalette
GetBkMode
SetTextAlign
GetEnhMetaFileW
CreateMetaFileW
DeleteDC
GdiGetBatchLimit
SetBkMode
EndDoc
CreateMetaFileA
GetFontLanguageInfo
GetLayout
CreatePatternBrush
GetDCBrushColor
GetColorSpace
DeleteColorSpace
AbortPath
GetDCPenColor
GetGraphicsMode
GdiFlush
CreateCompatibleDC
GetBkColor
CloseEnhMetaFile
FlattenPath
EndPage
CloseFigure
SelectObject
CancelDC
CreateSolidBrush
BeginPath
DeleteObject
DeleteMetaFile
GetLastError
GetDriveTypeW
VirtualAllocEx
FileTimeToSystemTime
lstrlenA
GetFileAttributesA
GetDriveTypeA
QueryPerformanceCounter
HeapAlloc
LoadLibraryA
GetCommandLineW
lstrlenW
GetCurrentProcess
FileTimeToLocalFileTime
GetCurrentProcessId
GetModuleHandleW
UnhandledExceptionFilter
GetCommandLineA
GetProcessHeap
LoadLibraryW
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
GetVersion
TerminateProcess
GlobalAlloc
GetFileAttributesW
Sleep
GetTickCount
GetCurrentThreadId
ShellAboutW
GetSystemMetrics
LoadBitmapW
IsWindow
GetParent
SendMessageW
UpdateWindow
DestroyIcon
DestroyWindow
IsDlgButtonChecked
IsWindowVisible
SendMessageA
LoadStringW
LoadIconW
GetDlgItem
LoadIconA
ShowWindow
LoadCursorA
GetSysColor
LoadBitmapA
GetDC
GetKeyState
Number of PE resources by type
RT_STRING 8
RT_DIALOG 6
RT_ICON 4
RT_GROUP_ICON 3
RT_MENU 2
RT_GROUP_CURSOR 1
RT_ACCELERATOR 1
RT_CURSOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 21
HEBREW DEFAULT 6
PE resources
ExifTool file metadata
UninitializedDataSize 0
InitializedDataSize 45056
ImageVersion 0.0
ProductName Corel Corporation Bootstrap Unaler
FileVersionNumber 1.1.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Corel Corporation Bootstrap Unnstaller
CharacterSet Windows, Latin1
LinkerVersion 9.0
OriginalFilename Unint.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.1.0.1
TimeStamp 2014:12:19 08:35:24+01:00
FileType Win32 EXE
PEType PE32
InternalName Unist.exe
FileAccessDate 2015:01:15 10:52:54+01:00
ProductVersion 1.1.0.1
SubsystemVersion 5.0
OSVersion 5.0
FileCreateDate 2015:01:15 10:52:54+01:00
FileOS Win32
LegalCopyright Corel Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CodeSize 208384
FileSubtype 0
ProductVersionNumber 1.1.0.1
EntryPoint 0x1000
ObjectFileType Executable application

File identification
MD5 9a85d75c8fc248c7ab45b2d8e6709d32
SHA1 7c9a461e47a85ce875749d10e0c15c7e25d57975
SHA256 9fe90c42605e5ec07db514822c39736288635a30f471024df8ed6c599b672a32
ssdeep 3072:VXAnujlkTWJ5qcl1ZIOHtGk0+q/S6o6rDJ1QxoWZAxugSGQSadVninBvu:SnuPMk1ZxHtN0DSN6HJ1KoWZnPSop
authentihash e29cc2f8a947e8f64ae8fdacf548e300095f7d23d75c955ec390e5d84d560035
imphash 8ea996f524d048cdfac14817e8498a28
File size 248.0 KB ( 253952 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2014-12-20 00:42:48 UTC ( 4 years, 3 months ago )
Last submission 2015-01-15 09:52:41 UTC ( 4 years, 2 months ago )
File names 7c9a461e47a85ce875749d10e0c15c7e25d57975
Unist.exe
9fe90c42605e5ec07db514822c39736288635a30f471024df8ed6c599b672a32.exe
Unint.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.