SHA256: a0579416c180348180d646f1a455856f05530796eeda5cd7fc5bc8cd2e84c4f8
File name: setup.exe1
Detection ratio: 5 / 43
Analysis date: 2012-03-07 20:25:48 UTC ( 5 years, 4 months ago )
Antivirus Result Update
DrWeb Trojan.Inject.62531 20120307
Kaspersky Trojan-Dropper.Win32.Injector.ddfm 20120307
Microsoft Worm:Win32/Ainslot.A 20120307
Panda Suspicious file 20120307
Symantec WS.Reputation.1 20120305
AhnLab-V3 20120307
AntiVir 20120307
Antiy-AVL 20120305
Avast 20120307
AVG 20120307
BitDefender 20120307
ByteHero 20120305
CAT-QuickHeal 20120307
ClamAV 20120307
Commtouch 20120307
Comodo 20120307
Emsisoft 20120307
eSafe 20120305
eTrust-Vet 20120307
F-Prot 20120307
F-Secure 20120307
Fortinet 20120305
GData 20120307
Ikarus 20120307
Jiangmin 20120301
K7AntiVirus 20120306
McAfee 20120307
McAfee-GW-Edition 20120307
NOD32 20120307
Norman 20120304
nProtect 20120307
PCTools 20120228
Prevx 20120307
Rising 20120307
Sophos AV 20120307
SUPERAntiSpyware 20120307
TheHacker 20120307
TrendMicro 20120306
TrendMicro-HouseCall 20120307
VBA32 20120307
VIPRE 20120307
ViRobot 20120307
VirusBuster 20120307
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-04 21:29:24
Entry Point 0x00014332
Number of sections 3
.NET details
Module Version ID 5202fc43-8f23-486a-a28f-fc5567fa0dcd
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:03:04 22:29:24+01:00
FileType Win32 EXE
PEType PE32
CodeSize 74752
LinkerVersion 8.0
EntryPoint 0x14332
InitializedDataSize 346112
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 e58a1795277edc08d35c6898f9befc1c
SHA1 f937c2da16de5371608d118203beefd02a0205d1
SHA256 a0579416c180348180d646f1a455856f05530796eeda5cd7fc5bc8cd2e84c4f8
ssdeep 6144:6oyfXzy1LAlXU+QNjd/KVC5e/T8+MYTo/6vLZg7lw/fV8ZYlyEAhMJtAKVUz:NczU++jdpc8+2iDklwXYYwhUA8
authentihash cdd60770ce88eaec471758a4706cf3e12420089d482606862ec3ee66053bade7
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 411.5 KB ( 421376 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2012-03-06 17:28:36 UTC ( 5 years, 4 months ago )
Last submission 2017-05-24 14:16:05 UTC ( 1 month, 3 weeks ago )
File names E58A1795277EDC08D35C6898F9BEFC1C.exe
trojan-malware-DANGEROUS-setup.ex
a0579416c180348180d646f1a455856f05530796eeda5cd7fc5bc8cd2e84c4f8
file-3636300_exe
setup.exe1
output.1351158.txt
e58a1795277edc08d35c6898f9befc1c.exe
setup.exe.e58a1795277edc08d35c6898f9befc1c
1351158
E58A1795277EDC08D35C6898F9BEFC1C
476529cf-0ee4-4ad3-9b24-cf38270c80c1
$Trojan-Dropper.Win32.Injector!E2|0041150.exe.virus
setup.exe
e58a1795277edc08d35c6898f9befc1c
trojan-malware-DANGEROUS-setup.exe
trojan-malware-DANGEROUS-setup.exe-F6dcpz
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R00UC0CBM16.

Symantec reputation Suspicious.Insight