SHA256: a32454a6563f6bddad6e53f7869470fd25b4ebfffdd1f27f95bd31d07d18d481
File name: ECD5C22842641E2DBE800046F99018CE
Detection ratio: 38 / 43
Analysis date: 2011-11-27 09:54:59 UTC ( 6 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 Adware/Win32.Hotbar 20111126
AntiVir TR/Spy.Gen4 20111125
Antiy-AVL WebToolbar/Win32.Zango.gen 20111127
Avast Win32:Zango-AQ [PUP] 20111127
AVG Zango 20111126
BitDefender Trojan.Generic.6109201 20111127
CAT-QuickHeal Adware.Rugo.A 20111127
Commtouch W32/HotBar.L.gen!Eldorado 20111126
Comodo UnclassifiedMalware 20111127
DrWeb Adware.Hotbar.700 20111127
Emsisoft Riskware.WebToolbar.Win32!IK 20111127
eSafe Win32.TRSpy 20111124
eTrust-Vet Win32/Zango.Pinball.B[HOTBAR] 20111125
F-Prot W32/HotBar.L.gen!Eldorado 20111126
F-Secure Trojan.Generic.6109201 20111127
Fortinet Misc/Zango 20111127
GData Trojan.Generic.6109201 20111127
Ikarus not-a-virus:WebToolbar.Win32 20111127
Jiangmin Adware/Agent.ghs 20111126
K7AntiVirus Adware 20111125
Kaspersky not-a-virus:AdWare.Win32.ScreenSaver.e 20111127
McAfee Adware-HotBar.d 20111127
McAfee-GW-Edition Adware-HotBar.d 20111127
Microsoft Adware:Win32/Hotbar 20111127
NOD32 a variant of Win32/Adware.HotBar.H 20111127
Norman Adware.LC 20111125
nProtect Trojan/W32.Agent_Packed.210096.I 20111127
Panda Generic Trojan 20111126
PCTools Adware.Clkpotato 20111127
Rising AdWare.Win32.HotBar.cw 20111125
Sophos AV ClickPotato Installer 20111127
SUPERAntiSpyware Adware.Agent/Gen-Zango 20111126
Symantec Adware.Clkpotato!gen2 20111127
TrendMicro ADW_ZANGO.SMUS 20111127
TrendMicro-HouseCall ADW_ZANGO.SMUS 20111127
VBA32 Adware.Hotbar.1 20111125
VIPRE Pinball Corporation. (v) 20111127
VirusBuster Adware.Rugo.Gen.5 20111126
ByteHero 20111114
ClamAV 20111126
Prevx 20111127
TheHacker 20111127
ViRobot 20111126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 2.0.311.0
Description Installer
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-06-06 18:35:04
Entry Point 0x000720E0
Number of sections 3
PE sections
PE imports
RegCloseKey
PatBlt
GetAdaptersInfo
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
1 more function(s) imported by ordinal)
UrlEscapeA
VerQueryValueA
1 more function(s) imported by ordinal)
CoCreateGuid
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 2.0.311.0
UninitializedDataSize 266240
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 8192
MIMEType application/octet-stream
FileVersion 2.0.311.0
TimeStamp 2011:06:06 20:35:04+02:00
FileType Win32 EXE
PEType PE32
ProductVersion 2.0.311.0
FileDescription Installer
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 200704
FileSubtype 0
ProductVersionNumber 2.0.311.0
EntryPoint 0x720e0
ObjectFileType Executable application

File identification
MD5 ecd5c22842641e2dbe800046f99018ce
SHA1 6f43eb10c3fec125d73fd0a9734c39c8540ce7d2
SHA256 a32454a6563f6bddad6e53f7869470fd25b4ebfffdd1f27f95bd31d07d18d481
ssdeep 3072:GT77p21yY+vazvXiT+1U03/kCa+33RS6mi1eau+6v4pd5c+bXh8x+Dyc8JxBi:e2XZrdy08oRlMau+24pZbx++C

File size 205.2 KB ( 210096 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
Tags upx

VirusTotal metadata
First submission 2011-06-17 22:31:22 UTC ( 7 years, 4 months ago )
Last submission 2011-11-27 09:54:59 UTC ( 6 years, 11 months ago )
File names [26625]emulesetup.exe.#
ECD5C22842641E2DBE800046F99018CE
ecd5c22842641e2dbe800046f99018ce.exe
ecd5c22842641e2dbe800046f99018ce