SHA256: a171c0d55c19c801a853d9c5b8b7d4e78ab06b036c2a2bed1db04b78a6ac722d
File name: autorun.exe
Detection ratio: 16 / 41
Analysis date: 2013-12-23 22:52:57 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20131223
AVG Generic33.BHLS 20131223
BitDefender Trojan.GenericKDZ.22059 20131223
DrWeb Trojan.DownLoader9.31467 20131223
Emsisoft Trojan.GenericKDZ.22059 (B) 20131223
F-Secure Trojan.GenericKDZ.22059 20131223
GData Trojan.GenericKDZ.22059 20131223
Ikarus Worm.Win32.Luder 20131223
K7GW Trojan ( 004432811 ) 20131223
Kingsoft Win32.Troj.Generic.a.(kcloud) 20130829
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.S 20131223
eScan Trojan.GenericKDZ.22059 20131223
Norman Obfuscated.gen!r 20131223
Panda Generic Malware 20131223
TheHacker Trojan/Agent.ec 20131223
VBA32 Worm.Luder 20131223
Ad-Aware 20131223224804
Yandex 20131223
AhnLab-V3 20131223
AntiVir 20131223
Antiy-AVL 20131223
Baidu-International 20131213
Bkav 20131223115313
ByteHero 20130613
CAT-QuickHeal 20131222
ClamAV 20131223185816
CMC 20131217
Commtouch 20131223
Comodo 20131223
ESET-NOD32 20131223211115
F-Prot 20131223
Fortinet 20131223
Jiangmin 20131223
K7AntiVirus 20131223
Kaspersky 20131223
Malwarebytes 20131223
McAfee 20131223
Microsoft 20131223
NANO-Antivirus 20131223
nProtect 20131223
officecheck None
Rising 20131223075630
Sophos 20131223220750
SUPERAntiSpyware 20131222
Symantec 20131223
TotalDefense 20131223210515
TrendMicro 20131223
TrendMicro-HouseCall 20131223232431
VIPRE 20131223
ViRobot 20131223
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2006-2013 Piriform Ltd
Publisher Piriform Ltd
Product Installer
File version 1.0.0.0
Description Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-07 08:58:24
Entry Point 0x0016796E
Number of sections 3
.NET details
Module Version ID e2f8ad38-3172-47df-b86d-75e360e0e3ed
TypeLib ID fcb616cf-973b-4965-b878-764f93d859da
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11776
EntryPoint 0x16796e
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.0
TimeStamp 2013:06:07 09:58:24+01:00
FileType Win32 EXE
PEType PE32
FileDescription Installer
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2006-2013 Piriform Ltd
MachineType Intel 386 or later, and compatibles
CompanyName Piriform Ltd
CodeSize 1464832
ProductName Installer
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 09489f862b8438057cf34885e0cfc2f1
SHA1 93b9401892fb61f6e9e79d1be5fb7091d1b33555
SHA256 a171c0d55c19c801a853d9c5b8b7d4e78ab06b036c2a2bed1db04b78a6ac722d
ssdeep
24576:D6KFDDYhgxLEqxttBMtbeoVpJL75mWHHTcs9eFccxlqQK:D/XYaLbtm8oVpJLYWHHIs4vxlqQK

authentihash 9385e20178573ff5c1aa6636be4fb6634e5f7253c6915589f282106f6116134b
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 1.4 MB ( 1477120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags peexe assembly
VirusTotal metadata
First submission 2013-12-23 22:52:57 UTC ( 3 years, 6 months ago )
Last submission 2015-05-28 13:57:06 UTC ( 2 years, 1 month ago )
File names autorun.exe
tmp3517.tmp.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections