SHA256: a8f0c325e8826b6aaaa34b193bdcc04e6025377edf5d53ef182a382f0040fa02
File name: 123.exe
Detection ratio: 59 / 61
Analysis date: 2017-03-18 07:00:16 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Ad-Aware Trojan.Autoit.AOF 20170318
AegisLab W32.W.AutoRun.llU2 20170318
AhnLab-V3 HEUR/Fakon.mwf 20170317
ALYac Trojan.Autoit.AOF 20170318
Arcabit Trojan.Autoit.AOF 20170318
Avast AutoIt:AutoRun-B@BC [Wrm] 20170318
AVG Worm/AutoRun.KE 20170318
Avira (no cloud) TR/Dropper.A.37038 20170317
AVware Trojan.Win32.Generic!SB.0 20170318
Baidu Win32.Trojan.AutoIt.a 20170318
BitDefender Trojan.Autoit.AOF 20170318
Bkav W32.AutoITFldE1.Worm 20170318
CAT-QuickHeal Worm.Tupym 20170317
ClamAV Win.Worm.Autorun-313 20170318
Comodo TrojWare.Win32.Injector.XEM 20170318
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Cyren W32/Autorun.HBBB-2740 20170318
DrWeb Trojan.StartPage.31354 20170318
Emsisoft Trojan.Autoit.AOF (B) 20170318
Endgame malicious (high confidence) 20170317
ESET-NOD32 Win32/Autoit.EB 20170318
F-Prot W32/Autorun.SX 20170318
Fortinet W32/AutoRun.FNC!worm 20170318
GData Win32.Worm.Autorun.A@gen 20170318
Ikarus Worm.Win32.AutoRun 20170317
Sophos ML worm.win32.nuqel.tb 20170203
Jiangmin Worm/AutoRun.uva 20170318
K7AntiVirus EmailWorm ( 0008b4a71 ) 20170318
K7GW EmailWorm ( 0008b4a71 ) 20170317
Kaspersky Worm.Win32.AutoRun.fnc 20170318
Kingsoft Worm.Autorun.f.(kcloud) 20170318
Malwarebytes Worm.AutoRun.FLDGen 20170318
McAfee W32/Tupym.worm 20170318
McAfee-GW-Edition BehavesLike.Win32.Tupym.bh 20170318
Microsoft Trojan:Win32/Toga!rfn 20170318
eScan Trojan.Autoit.AOF 20170318
NANO-Antivirus Trojan.Script.Autorun.ddafcl 20170318
nProtect Worm/W32.AutoRun.745029 20170318
Palo Alto Networks (Known Signatures) generic.ml 20170318
Panda Trj/Autoit.gen 20170317
Qihoo-360 Win32/Worm.4e6 20170318
Rising Trojan.Generic (cloud:2taWSwtyYhJ) 20170318
SentinelOne (Static ML) static engine - malicious 20170315
Sophos AV W32/AutoRun-BUC 20170318
SUPERAntiSpyware Trojan.Agent/Gen-Autorun 20170318
Symantec W32.Svich 20170317
Tencent Win32.Trojan.Fakedoc.Auto 20170318
TheHacker W32/AutoRun.fnc 20170318
TotalDefense Win32/Yahlover.LX 20170318
TrendMicro WORM_SOHANAD.WP 20170318
TrendMicro-HouseCall WORM_SOHANAD.WP 20170318
VBA32 Trojan-Downloader.Autoit.gen 20170317
VIPRE Trojan.Win32.Generic!SB.0 20170318
ViRobot Worm.Win32.Autorun.745029[h] 20170318
Webroot Worm:Win32/Tupym.A 20170318
Yandex Trojan.Autorun!5jzkk3XdIRU 20170317
Zillya Worm.Autorun.Win32.78414 20170317
ZoneAlarm by Check Point Worm.Win32.AutoRun.fnc 20170318
Zoner I-Worm.Autoit.EB 20170318
Alibaba 20170228
CMC 20170317
F-Secure 20170316
Trustlook 20170318
WhiteArmor 20170315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-12-24 09:00:07
Entry Point 0x00017770
Number of sections 5
PE sections
PE imports
RegCreateKeyExW
RegCloseKey
CopySid
GetAce
AdjustTokenPrivileges
InitializeAcl
LookupPrivilegeValueW
RegDeleteKeyW
UnlockServiceDatabase
RegQueryValueExW
SetSecurityDescriptorDacl
CloseServiceHandle
GetAclInformation
OpenProcessToken
RegConnectRegistryW
RegOpenKeyExW
GetTokenInformation
GetUserNameW
GetSecurityDescriptorDacl
RegDeleteValueW
LockServiceDatabase
RegEnumKeyExW
OpenThreadToken
GetLengthSid
CreateProcessAsUserW
RegEnumValueW
LogonUserW
RegSetValueExW
OpenSCManagerW
InitializeSecurityDescriptor
CreateProcessWithLogonW
AddAce
ImageList_BeginDrag
ImageList_Destroy
ImageList_Create
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetSaveFileNameW
GetOpenFileNameW
CreatePen
EndPath
GetPixel
Rectangle
PolyDraw
LineTo
DeleteDC
SetBkMode
SetPixel
CreateDCW
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
GetDeviceCaps
MoveToEx
GetTextFaceW
AngleArc
GetStockObject
SetViewportOrgEx
StrokePath
GetDIBits
RoundRect
CreateCompatibleDC
StrokeAndFillPath
CreateFontW
CloseFigure
DeleteObject
CreateCompatibleBitmap
CreateSolidBrush
ExtCreatePen
SelectObject
SetBkColor
BeginPath
GetTextExtentPoint32W
Ellipse
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GlobalMemoryStatusEx
HeapReAlloc
GetStringTypeW
GetOEMCP
FormatMessageW
ResumeThread
InitializeCriticalSection
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetCurrentThread
GetEnvironmentVariableW
SetLastError
DeviceIoControl
TlsGetValue
CopyFileW
WriteProcessMemory
OutputDebugStringW
RemoveDirectoryW
Beep
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
RaiseException
WritePrivateProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
GetPrivateProfileStringW
GetModuleHandleA
GetFullPathNameW
CreateThread
SetEnvironmentVariableW
GetSystemDirectoryW
DeleteCriticalSection
SetUnhandledExceptionFilter
SetSystemPowerState
ExitThread
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GetStartupInfoA
GetProcessIoCounters
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetTempFileNameW
GetComputerNameW
EnumResourceNamesW
CompareStringW
GetModuleFileNameW
FindNextFileW
CreateHardLinkW
FindFirstFileW
DuplicateHandle
GetProcAddress
SetVolumeLabelW
GetPrivateProfileSectionW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GetSystemInfo
GlobalFree
GetConsoleCP
FindResourceW
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
Process32NextW
CreateProcessW
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
Process32FirstW
WritePrivateProfileStringW
QueryPerformanceFrequency
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
VirtualFree
Sleep
VirtualAlloc
CompareStringA
WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W
SafeArrayDestroyDescriptor
SafeArrayAccessData
VariantCopy
VarR8FromDec
SafeArrayUnaccessData
SafeArrayDestroyData
VariantClear
SysAllocString
GetActiveObject
SafeArrayAllocDescriptorEx
VariantInit
SafeArrayGetVartype
VariantTimeToSystemTime
LoadRegTypeLib
OleLoadPicture
SafeArrayAllocData
GetProcessMemoryInfo
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
DragQueryPoint
ExtractIconExW
ShellExecuteExW
SHGetDesktopFolder
Shell_NotifyIconW
SHGetMalloc
DragFinish
RedrawWindow
GetForegroundWindow
UnregisterHotKey
DrawTextW
SetUserObjectSecurity
DestroyMenu
PostQuitMessage
SetWindowPos
IsWindow
EndPaint
VkKeyScanA
OpenWindowStationW
WindowFromPoint
CopyRect
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetAsyncKeyState
CharLowerBuffW
GetMenuStringW
GetMenu
GetClientRect
GetMenuItemInfoW
SetMenuDefaultItem
IsClipboardFormatAvailable
LoadImageW
CountClipboardFormats
keybd_event
GetActiveWindow
RegisterHotKey
GetWindowTextW
LockWindowUpdate
GetWindowTextLengthW
CopyImage
PtInRect
GetParent
AttachThreadInput
EnumWindows
GetMessageW
ShowWindow
GetCaretPos
DrawFrameControl
GetDesktopWindow
IsCharAlphaW
PeekMessageW
InsertMenuItemW
CharUpperW
TranslateMessage
IsWindowEnabled
SetClipboardData
DestroyWindow
OpenDesktopW
IsZoomed
LoadStringW
DrawMenuBar
IsCharLowerW
IsIconic
TrackPopupMenuEx
DrawFocusRect
CreateMenu
IsDialogMessageW
FlashWindow
EnumThreadWindows
MonitorFromPoint
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetCursorPos
CharNextW
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
GetKeyboardLayoutNameA
BeginPaint
DefWindowProcW
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
CheckMenuRadioItem
GetClipboardData
GetSystemMetrics
SetWindowLongW
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
SetProcessWindowStation
SendDlgItemMessageW
SetKeyboardState
CreatePopupMenu
GetSubMenu
SetWindowTextW
SetTimer
GetDlgItem
SystemParametersInfoW
ClientToScreen
PostMessageW
CloseWindowStation
GetKeyboardState
GetMenuItemCount
IsDlgButtonChecked
DestroyAcceleratorTable
CreateIconFromResourceEx
LoadCursorW
LoadIconW
FindWindowExW
GetDC
FillRect
SetForegroundWindow
GetProcessWindowStation
ExitWindowsEx
OpenClipboard
EmptyClipboard
EnableWindow
ReleaseDC
SetLayeredWindowAttributes
EndDialog
FindWindowW
GetDlgCtrlID
ScreenToClient
MessageBeep
GetWindowThreadProcessId
MessageBoxW
SendMessageW
RegisterClassExW
SetMenu
MoveWindow
DialogBoxParamW
MessageBoxA
GetCursor
GetWindowDC
AdjustWindowRectEx
mouse_event
GetFocus
GetSysColor
GetKeyState
DestroyIcon
IsWindowVisible
IsCharAlphaNumericW
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
GetUserObjectSecurity
GetClassNameW
BlockInput
IsCharUpperW
CloseDesktop
IsMenu
SendMessageTimeoutW
wsprintfW
CloseClipboard
TranslateAcceleratorW
DefDlgProcW
SetCursor
CreateEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
DestroyEnvironmentBlock
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
HttpQueryInfoW
InternetOpenW
InternetConnectW
FtpGetFileSize
InternetCrackUrlW
InternetCloseHandle
InternetSetOptionW
HttpSendRequestW
InternetOpenUrlW
InternetReadFile
FtpOpenFileW
HttpOpenRequestW
waveOutSetVolume
timeGetTime
mciSendStringW
WSAStartup
gethostname
socket
__WSAFDIsSet
bind
inet_addr
send
ioctlsocket
recvfrom
gethostbyname
select
ntohs
recv
connect
WSACleanup
sendto
htons
closesocket
accept
WSAGetLastError
listen
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemAlloc
CreateBindCtx
OleSetContainedObject
StringFromIID
CoCreateInstance
CoInitializeSecurity
CLSIDFromProgID
CLSIDFromString
OleSetMenuDescriptor
CoCreateInstanceEx
StringFromCLSID
IIDFromString
MkParseDisplayName
CoTaskMemFree
CoSetProxyBlanket
OleInitialize
Number of PE resources by type
RT_ICON 16
RT_STRING 6
RT_GROUP_ICON 4
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 30
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.3.0.0
LanguageCode English (British)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, Large address aware, 32-bit
CharacterSet Unicode
InitializedDataSize 158208
EntryPoint 0x17770
MIMEType application/octet-stream
FileVersion 1
TimeStamp 2008:12:24 10:00:07+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 507392
ProductName explorer
ProductVersionNumber 3.3.0.0
FileTypeExtension exe
ObjectFileType Unknown

Execution parents
File identification
MD5 0f98cb44b0a7014a54fe979e281c25c1
SHA1 e229fecd832eb2488b1f586e811cd6e54cb56bbb
SHA256 a8f0c325e8826b6aaaa34b193bdcc04e6025377edf5d53ef182a382f0040fa02
ssdeep 6144:hpqoa8aLiC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnC3:hpqiC/2OGAtkCP4cejGSOpRK3CnIiX
authentihash 67c717d7406eadebedacbc38c24b56fc757b59b4d580fad4bb5eb3d259f359db
imphash 16ca4c13aa09bd350a394601fe491f6c
File size 727.6 KB ( 745029 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe usb-autorun

VirusTotal metadata
First submission 2009-09-03 10:08:01 UTC ( 9 years, 5 months ago )
Last submission 2018-05-25 18:12:40 UTC ( 8 months, 4 weeks ago )
File names system3_.exe
SYSTEM3_.EXE
Adobe Photoshop CS5 Extended.exe
D77C9208F4.tmp
system3_.exe
123.exe
003011753
_quoteengine.exe_.0f98cb44b0a7014a54fe979e281c25c1
0f98cb44b0a7014a54fe979e281c25c1
file
0F98CB44B0A7014A54FE979E281C25C1
WL-21f4bad7dc5bed75d85d08a2b67b0178-0
New Folder.exe
وثيقة 1.exe
0f98cb44b0a7014a54fe979e281c25c1
system3_.0f98cb44b0a7014a54fe979e281c25c1
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
