× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a875bd8850c116e90e4992722d74f25e1a4e48faa2e4b809b3384d48deb0620a
File name: cr.mod
Detection ratio: 21 / 46
Analysis date: 2013-08-19 14:33:19 UTC ( 5 years, 8 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Spyware/Win32.Zbot 20130819
AntiVir TR/VB.Krypt.CNO 20130819
Avast Win32:VBCrypt-CNO [Trj] 20130819
AVG Agent4.AXCH 20130819
ByteHero Virus.Win32.Heur.p 20130817
Commtouch W32/GenBl.7A920565!Olympus 20130819
Comodo UnclassifiedMalware 20130819
ESET-NOD32 Win32/Agent.UZD 20130819
Fortinet W32/Agent.UZD 20130819
Ikarus Trojan.Agent4 20130819
K7AntiVirus Riskware 20130817
K7GW Riskware 20130816
Kaspersky UDS:DangerousObject.Multi.Generic 20130819
McAfee Artemis!7A92056525F3 20130819
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.F!83 20130819
Norman Troj_Generic.NSOPC 20130819
Panda Suspicious file 20130819
Sophos AV Mal/Generic-S 20130819
TheHacker Trojan/Agent.uzd 20130819
TrendMicro-HouseCall TROJ_GEN.R0CBH01H913 20130819
VIPRE Trojan.Win32.Generic!BT 20130819
Yandex 20130819
Antiy-AVL 20130819
BitDefender 20130819
CAT-QuickHeal 20130819
ClamAV 20130819
DrWeb 20130819
Emsisoft 20130819
F-Prot 20130819
F-Secure 20130819
GData 20130819
Jiangmin 20130819
Kingsoft 20130723
Malwarebytes 20130819
Microsoft 20130819
eScan 20130819
NANO-Antivirus 20130819
nProtect 20130816
PCTools 20130819
Rising 20130819
SUPERAntiSpyware 20130819
Symantec 20130819
TotalDefense 20130816
TrendMicro 20130819
VBA32 20130819
ViRobot 20130819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 2004-2013, Neowise

Publisher Neowise
Product RoboTask
Original name RTMacroRecorder.exe
File version 5.6.0.30
Description Macro Recorder
Packers identified
F-PROT PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-22 17:40:53
Entry Point 0x00001060
Number of sections 2
PE sections
Overlays
MD5 81ed540e1204e3237f63da49df05a7d5
File type ASCII text
Offset 205808
Size 1040
Entropy 0.00
PE imports
MethCallEngine
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_RCDATA 82
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ORIYA DEFAULT 82
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
6.0

ImageVersion
7.14

FileSubtype
0

FileVersionNumber
5.6.0.30

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

CharacterSet
Windows, Latin1

InitializedDataSize
184320

EntryPoint
0x1060

OriginalFileName
RTMacroRecorder.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2004-2013, Neowise

FileVersion
5.6.0.30

TimeStamp
2013:07:22 18:40:53+01:00

FileType
Win32 EXE

PEType
PE32

ProductVersion
5.6

FileDescription
Macro Recorder

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Neowise

CodeSize
57344

ProductName
RoboTask

ProductVersionNumber
5.6.0.0

Warning
Possibly corrupt Version resource

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 7a92056525f3232d986cf8345a1a538b
SHA1 1d617f2d2de961edafe45c38ab01cd34471d8a50
SHA256 a875bd8850c116e90e4992722d74f25e1a4e48faa2e4b809b3384d48deb0620a
ssdeep
6144:zVm709/71suyN9MeDJO3VQNyjZQ5pa1J7Fh:z209/xajXDJOzMsJxh

authentihash ca0fca901aebc640cffeb4c992445a8036ed9938633354e6ba5457b293ad3b15
imphash d436c55cc61e4d62b21359ff12be3c38
File size 202.0 KB ( 206848 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
pecompact peexe overlay

VirusTotal metadata
First submission 2013-08-06 07:44:14 UTC ( 5 years, 8 months ago )
Last submission 2015-05-25 14:53:18 UTC ( 3 years, 11 months ago )
File names 1d617f2d2de961edafe45c38ab01cd34471d8a50
7a92056525f3232d986cf8345a1a538b
vt-upload-dQ9DJ
RTMacroRecorder.exe
vt-upload-ck_jH
7a92056525f3232d986cf8345a1
vt-upload-kJCSR
cr.mod
7a92056525f3232d986cf8345a1a538b_cr_mod
7a92056525f3232d986cf8345a1a538b.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!