× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a398b636cb9fe43d5949dbe97a4e5dcb548028cd7d2cfc9c9758d8b7d01261b6
File name: Neo AoB Scanner v1.9.exe
Detection ratio: 0 / 51
Analysis date: 2014-03-24 05:08:35 UTC ( 3 years, 8 months ago ) View latest
Antivirus Result Update
Ad-Aware 20140324
AegisLab 20140324
Yandex 20140323
AhnLab-V3 20140323
AntiVir 20140324
Antiy-AVL 20140324
Avast 20140324
AVG 20140324
Baidu-International 20140323
BitDefender 20140324
Bkav 20140322
ByteHero 20140324
CAT-QuickHeal 20140323
ClamAV 20140324
CMC 20140319
Commtouch 20140324
Comodo 20140324
DrWeb 20140324
Emsisoft 20140324
ESET-NOD32 20140324
F-Prot 20140324
F-Secure 20140323
Fortinet 20140324
GData 20140324
Ikarus 20140324
Jiangmin 20140324
K7AntiVirus 20140321
K7GW 20140321
Kaspersky 20140324
Kingsoft 20140324
Malwarebytes 20140324
McAfee 20140324
McAfee-GW-Edition 20140323
Microsoft 20140324
eScan 20140324
NANO-Antivirus 20140324
Norman 20140323
nProtect 20140323
Panda 20140323
Qihoo-360 20140324
Rising 20140322
Sophos AV 20140324
SUPERAntiSpyware 20140323
Symantec 20140324
TheHacker 20140323
TotalDefense 20140323
TrendMicro 20140324
TrendMicro-HouseCall 20140324
VBA32 20140321
VIPRE 20140324
ViRobot 20140324
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-24 05:03:46
Entry Point 0x0000EDAC
Number of sections 5
.NET details
Module Version ID b50ee65d-d36c-4054-8ddf-1b518c8c0994
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetOpenFileNameA
GetSaveFileNameA
CreateToolhelp32Snapshot
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
WriteProcessMemory
QueryPerformanceCounter
HeapDestroy
HeapAlloc
GetModuleFileNameA
DeleteCriticalSection
GetCurrentProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcessId
OpenProcess
GetPrivateProfileIntA
GetCurrentDirectoryA
Module32First
HeapSize
ReadProcessMemory
InterlockedCompareExchange
EncodePointer
GetProcessHeap
UnhandledExceptionFilter
HeapSetInformation
Module32Next
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
HeapReAlloc
DecodePointer
InterlockedExchange
IsDebuggerPresent
TerminateProcess
GetProcessHandleCount
VirtualQueryEx
InterlockedDecrement
Sleep
GetTickCount
GetCurrentThreadId
InterlockedIncrement
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
__CxxRegisterExceptionObject
?what@exception@std@@UBEPBDXZ
strcat_s
memset
__dllonexit
_stricmp
_controlfp_s
_CxxThrowException
toupper
_invoke_watson
isxdigit
_fmode
_cexit
?terminate@@YAXXZ
__FrameUnwindFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_mbsrchr
strtol
??2@YAPAXI@Z
memcpy_s
_lock
_onexit
__initenv
exit
_XcptFilter
_commode
__setusermatherr
_initterm_e
__CxxUnregisterExceptionObject
??_V@YAXPAX@Z
_amsg_exit
__CxxQueryExceptionSize
??_U@YAPAXI@Z
memmove_s
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
memcpy
__CxxFrameHandler3
_except_handler4_common
__CxxDetectRethrow
_mbsstr
__getmainargs
_initterm
??0exception@std@@QAE@ABV01@@Z
strnlen
??1exception@std@@UAE@XZ
memmove
??0exception@std@@QAE@ABQBD@Z
__CxxExceptionFilter
_configthreadlocale
_exit
__set_app_type
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
GetDesktopWindow
MessageBoxA
GetWindowRect
PlaySoundA
_CorExeMain
Number of PE resources by type
RT_ICON 8
RT_MANIFEST 2
WAVE 2
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2014:03:24 06:03:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
58880

LinkerVersion
10.0

EntryPoint
0xedac

InitializedDataSize
1464320

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 bfa8be92950a8a5e7aa230be93f1f491
SHA1 fb76c809ecd81e0781c107b47837e04adb132d30
SHA256 a398b636cb9fe43d5949dbe97a4e5dcb548028cd7d2cfc9c9758d8b7d01261b6
ssdeep
24576:MZUu80HfAyu80HfFu80Hfiu80Hf0u80HfFu80HfzQCs6KGefc8rl3ufu80Hf:MZc0/AS0/90/i0/80/90/cCsXGef3rcU

authentihash ff8912fdba8e8aa214e711f20cbf39c709b858ce51cba2786cc560c6e09ae7e1
imphash f63f5ab3921ac2c8556654169c45fdd0
File size 1.5 MB ( 1524224 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags
peexe assembly

VirusTotal metadata
First submission 2014-03-24 05:05:06 UTC ( 3 years, 8 months ago )
Last submission 2016-03-06 22:05:56 UTC ( 1 year, 9 months ago )
File names Neo AoB Scanner v1.9.exe
Neo-AoB-Scanner-v1.9.exe
file-6762090_exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!