SHA256: ab3ee0f2914deb0098a2cbf756cf0fa06db71427a8c9b18a72942ef41014543e
File name: a.exe
Detection ratio: 5 / 43
Analysis date: 2011-03-20 03:37:27 UTC ( 3 years, 3 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20110318
BitDefender Gen:Trojan.Heur.RP.bqW@aKsaFagb 20110320
F-Secure Gen:Trojan.Heur.RP.bqW@aKsaFagb 20110320
GData Gen:Trojan.Heur.RP.bqW@aKsaFagb 20110320
Panda Suspicious file 20110319
AVG 20110320
AhnLab-V3 20110319
Antiy-AVL 20110320
Avast 20110319
Avast5 20110319
CAT-QuickHeal 20110319
ClamAV 20110320
Commtouch 20110319
Comodo 20110320
DrWeb 20110320
Emsisoft 20110320
F-Prot 20110319
Fortinet 20110320
Ikarus 20110319
Jiangmin 20110318
K7AntiVirus 20110319
Kaspersky 20110320
McAfee 20110320
McAfee-GW-Edition 20110319
Microsoft 20110319
NOD32 20110319
Norman 20110319
PCTools 20110320
Prevx 20110320
Rising 20110318
SUPERAntiSpyware 20110319
Sophos 20110320
Symantec 20110320
TheHacker 20110319
TrendMicro 20110319
TrendMicro-HouseCall 20110320
VBA32 20110318
VIPRE 20110320
ViRobot 20110319
VirusBuster 20110319
eSafe 20110317
eTrust-Vet 20110318
nProtect 20110215
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-11-11 06:33:02
Link date 7:33 AM 11/11/2009
Entry Point 0x00003B4F
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegCloseKey
StartServiceCtrlDispatcherA
OpenServiceA
SetServiceStatus
CreateServiceA
RegSetValueExA
StartServiceA
RegOpenKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA
PeekNamedPipe
TerminateThread
FreeLibrary
CopyFileA
LoadLibraryA
GetSystemDirectoryA
DisconnectNamedPipe
GetCurrentProcess
DeleteFileA
GetModuleFileNameA
WaitForMultipleObjects
GetModuleHandleA
GetTempPathA
CreateThread
SetFilePointer
CreatePipe
ReadFile
WriteFile
GetStartupInfoA
CloseHandle
DuplicateHandle
GetProcAddress
TerminateProcess
CreateProcessA
Sleep
CreateFileA
Ord(823)
Ord(825)
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
_except_handler3
__p__fmode
_XcptFilter
_adjust_fdiv
_acmdln
__p__commode
strchr
__setusermatherr
_strcmpi
__dllonexit
_onexit
atoi
exit
sprintf
__getmainargs
_initterm
_controlfp
_exit
strncpy
__set_app_type
__WSAFDIsSet
WSASocketA
setsockopt
closesocket
inet_addr
send
WSACleanup
WSAStartup
connect
htons
recv
select
Number of PE resources by type
RT_STRING 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:11:11 07:33:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 11776
LinkerVersion 6.0
FileAccessDate 2014:02:24 01:24:44+01:00
EntryPoint 0x3b4f
InitializedDataSize 6144
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:02:24 01:24:44+01:00
UninitializedDataSize 0
File identification
MD5 438983192903f3fecf77500a39459ee6
SHA1 12f12f03151c58b28a7d7246c7006888af2419e4
SHA256 ab3ee0f2914deb0098a2cbf756cf0fa06db71427a8c9b18a72942ef41014543e
ssdeep 384:JIfilIhBJyeX2fcwu4CFIZ9R9VBpDO21G:JIfilIZ2fcwtCFm9rpDR
imphash e1e2e81e9b5b85529e66e2983e9475c0
File size 16.0 KB ( 16384 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe armadillo

VirusTotal metadata
First submission 2011-03-20 03:37:27 UTC ( 3 years, 3 months ago )
Last submission 2014-01-01 20:24:23 UTC ( 6 months, 1 week ago )
File names WEBC2-RAVE_sample_438983192903F3FECF77500A39459EE6
438983192903f3fecf77500a39459ee6
winsrv.exe
WEBC2-RAVE_sample_438983192903F3FECF77500A39459EE6-9283545-1376710857-tmp
VirusShare_438983192903f3fecf77500a39459ee6
a.exe