SHA256: a15280888fb36d479cf069c756320103d25192341102d73d872c16568f211e89
File name: FOFF.nfo Viewer.exe
Detection ratio: 42 / 67
Analysis date: 2018-07-22 20:16:12 UTC ( 10 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.1804049 20180722
AegisLab Troj.Generic!c 20180722
AhnLab-V3 Win-Trojan/OnlineGameHack.B 20180721
ALYac Trojan.Generic.1804049 20180722
Antiy-AVL Trojan/Win32.SGeneric 20180722
Arcabit Trojan.Generic.D1B8711 20180722
AVware Trojan.Win32.Packer.Upack0.3.9 (ep) 20180722
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9777 20180717
BitDefender Trojan.Generic.1804049 20180722
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180722
Cyren W32/SuspPack.CY.gen!Eldorado 20180722
Emsisoft Trojan.Generic.1804049 (B) 20180722
Endgame malicious (high confidence) 20180711
F-Prot W32/SuspPack.CY.gen!Eldorado 20180722
F-Secure Trojan.Generic.1804049 20180722
GData Trojan.Generic.1804049 20180722
Ikarus Trojan-GameThief.Win32.OnLineGames 20180722
Sophos ML heuristic 20180717
Jiangmin Trojan/Scar.antl 20180722
K7AntiVirus Trojan ( 003b1b581 ) 20180722
K7GW Trojan ( 003b1b581 ) 20180722
Kaspersky UDS:DangerousObject.Multi.Generic 20180722
MAX malware (ai score=99) 20180722
McAfee Artemis!450C3D17A1E9 20180722
McAfee-GW-Edition Artemis!Trojan 20180722
Microsoft Trojan:Win32/Vigorf.A 20180722
eScan Trojan.Generic.1804049 20180722
Panda Trj/Pupack.A 20180722
Qihoo-360 Win32/Trojan.Spy.a3b 20180722
Rising Trojan.Win32.Generic.12BD5E14 (C64:YzY0OgKqQDxckLdt) 20180722
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180722
Symantec Infostealer.Gampass 20180722
Tencent Win32.Trojan.Generic.badw 20180722
TheHacker W32/Behav-Heuristic-060 20180722
TotalDefense Win32/Dogbab!generic 20180722
TrendMicro Cryp_Xed-12 20180722
TrendMicro-HouseCall Cryp_Xed-12 20180722
VIPRE Trojan.Win32.Packer.Upack0.3.9 (ep) 20180722
Yandex Packed/Upack 20180720
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180722
Alibaba 20180713
Avast 20180722
Avast-Mobile 20180722
AVG 20180722
Avira (no cloud) 20180722
Babable 20180406
Bkav 20180719
CAT-QuickHeal 20180722
ClamAV 20180722
CMC 20180722
Comodo 20180722
DrWeb 20180722
eGambit 20180722
ESET-NOD32 20180722
Fortinet 20180722
Kingsoft 20180722
Malwarebytes 20180722
NANO-Antivirus 20180722
Palo Alto Networks (Known Signatures) 20180722
SUPERAntiSpyware 20180722
TACHYON 20180722
Trustlook 20180722
VBA32 20180720
ViRobot 20180722
Webroot 20180722
Zillya 20180720
Zoner 20180721
The file being studied is a Portable Executable file! More specifically, it is a DOS EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPack
PEiD WinUpack v0.39 final -> By Dwing (c)2005 (h1)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-01-23 23:39:42
Entry Point 0x00001018
Number of sections 3
PE sections
Number of PE resources by type
RT_DIALOG 2
RT_ICON 1
RT_MANIFEST 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2004:01:23 23:39:42+00:00
FileType Win32 EXE
PEType PE32
CodeSize 1766614113
LinkerVersion 76.111
FileTypeExtension exe
InitializedDataSize 1918988898
SubsystemVersion 4.0
EntryPoint 0x1018
OSVersion 4.0
ImageVersion 0.57
UninitializedDataSize 16761

File identification
MD5 450c3d17a1e9147945c62b3311413f93
SHA1 5a3a4a865c5e17efdf3bfc2d1b24904c86f93ce0
SHA256 a15280888fb36d479cf069c756320103d25192341102d73d872c16568f211e89
ssdeep 768:rThKJ6nMOPDHLYZ1DjxT3ZNjN+DD02G2DIYtDmXLDDDDE4DDDi4FYYAmjCUEp0xI:rThCfXgp4em8pCSTOUyloPUvum3cdUe
authentihash 534acaf447850f6e3c212fab57ea07136436e6ae3afcf55f536412fb2664eba1
File size 43.2 KB ( 44244 bytes )
File type DOS EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID DOS Executable Generic (100.0%)
Tags upack mz

VirusTotal metadata
First submission 2008-07-27 00:54:32 UTC ( 10 years, 10 months ago )
Last submission 2018-07-22 20:16:12 UTC ( 10 months ago )
File names FOFF.nfo Viewer.exe
FOFF.nfo Viewer.exe
t_gE172i.com
aa
e4RvxVbXsF.vsd
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs