SHA256: a71c0d049d098c6c8eafd7d4dc58184487d40f9501e56174bac855751bb62ea3
File name: 266c9d0777c36e74e95edd60e903a95b
Detection ratio: 0 / 42
Analysis date: 2012-06-12 19:33:16 UTC ( 6 years, 11 months ago )
Antivirus Result Update
AhnLab-V3 20120612
AntiVir 20120612
Antiy-AVL 20120612
Avast 20120612
AVG 20120612
BitDefender 20120612
ByteHero 20120612
CAT-QuickHeal 20120612
ClamAV 20120612
Commtouch 20120612
Comodo 20120612
DrWeb 20120612
Emsisoft 20120612
eSafe 20120612
F-Prot 20120612
F-Secure 20120612
Fortinet 20120612
GData 20120612
Ikarus 20120612
Jiangmin 20120612
K7AntiVirus 20120612
Kaspersky 20120612
McAfee 20120612
McAfee-GW-Edition 20120612
Microsoft 20120607
NOD32 20120612
Norman 20120612
nProtect 20120612
Panda 20120612
PCTools 20120612
Rising 20120612
Sophos AV 20120612
SUPERAntiSpyware 20120612
Symantec 20120612
TheHacker 20120612
TotalDefense 20120612
TrendMicro 20120612
TrendMicro-HouseCall 20120612
VBA32 20120611
VIPRE 20120612
ViRobot 20120612
VirusBuster 20120612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-06-12 23:20:36
Entry Point 0x00002640
Number of sections 3
PE sections
PE imports
GetLastError
GetModuleHandleA
LocalAlloc
lstrlenA
GlobalAlloc
GetStartupInfoA
GetTickCount
GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetCommandLineW
_except_handler3
_acmdln
__p__fmode
_adjust_fdiv
__setusermatherr
__p__commode
__dllonexit
_onexit
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
_exit
memcpy
__set_app_type
SetupQueueDefaultCopyA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:06:13 00:20:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 8192
LinkerVersion 7.1
FileTypeExtension exe
InitializedDataSize 98304
SubsystemVersion 4.0
EntryPoint 0x2640
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 266c9d0777c36e74e95edd60e903a95b
SHA1 6ab816fa002e39318540996aca7ce8a4d9cbba1f
SHA256 a71c0d049d098c6c8eafd7d4dc58184487d40f9501e56174bac855751bb62ea3
ssdeep 768:mLbGdsbhzp4IJRo8Y8YutQwjOETDiMwuCeLfEgghzv4nK7RlcvA40cR:4Lrgnut9DQuCWVgNv4K7vco1c
authentihash 50f17c4826ac3b534aa752e2e6861f394bcf4e2c544806d29f1c5dfe6149d4f5
imphash 8393b42672d5808d250a742371b04780
File size 52.0 KB ( 53248 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.7%)
Win32 Dynamic Link Library (generic) (14.7%)
Win32 Executable (generic) (10.0%)
OS/2 Executable (generic) (4.5%)
Generic Win/DOS Executable (4.4%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2012-06-12 13:59:07 UTC ( 6 years, 11 months ago )
Last submission 2018-05-22 20:05:34 UTC ( 1 year ago )
File names 266c9d0777c36e74e95edd60e903a95b.exe
Trojan.DownLoad3.8524
ms.ex
pcdedsiu.exe
2vd2e5.txt
266c9d0777c36e74e95edd60e903a95b
aa
nfb7vCBu.ps1
0.22641561784293784.exe
0.1464339397515061.exe
file
file-4095361_exe
a71c0d049d098c6c8eafd7d4dc58184487d40f9501e56174bac855751bb62ea3.vir
0.9079996627882033.exe
1339694383.266c9d0777c36e74e95edd60e903a95b
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight