SHA256: ad4be10dd6bf98a510b1d2f46648e588f49fef8de3cd8522ad7fd3d0915b5c08
File name: feq.html
Detection ratio: 25 / 42
Analysis date: 2012-08-31 13:58:12 UTC ( 5 years, 5 months ago )
Antivirus Result Update
AntiVir TR/Dropper.Gen 20120831
AVG unknown virus Win32/DH{MAAP} 20120831
BitDefender Gen:Trojan.Heur.iq0@InUaCZdi 20120831
ByteHero Trojan.Malware.Obscu.Gen.006 20120817
Commtouch W32/Dropper.gen8!Maximus 20120831
Comodo UnclassifiedMalware 20120831
DrWeb Trojan.DownLoader6.49798 20120831
Emsisoft Trojan-Dropper.Win32.Malf!IK 20120831
F-Prot W32/Dropper.gen8!Maximus 20120831
F-Secure Gen:Trojan.Heur.iq0@InUaCZdi 20120831
GData Gen:Trojan.Heur.iq0@InUaCZdi 20120831
Ikarus Trojan-Dropper.Win32.Malf 20120831
Jiangmin Trojan/Agent.hfrc 20120831
K7AntiVirus Trojan 20120830
Kaspersky Trojan-Spy.Win32.Agent.cdvo 20120831
McAfee Generic Dropper.p 20120831
McAfee-GW-Edition Artemis!265F46C572F4 20120831
Microsoft TrojanDropper:Win32/Malf.gen 20120831
Panda Suspicious file 20120831
Sophos AV Sus/Behav-1018 20120831
Symantec Suspicious.Cloud.5 20120831
TrendMicro TROJ_GEN.R47CDHU 20120831
TrendMicro-HouseCall TROJ_GEN.R47CDHU 20120831
VBA32 SScope.Trojan.Vundo.2721 20120831
ViRobot Trojan.Win32.A.Agent.143360.FP 20120831
AhnLab-V3 20120831
Antiy-AVL 20120831
Avast 20120831
CAT-QuickHeal 20120831
ClamAV 20120828
eSafe 20120830
ESET-NOD32 20120831
Fortinet 20120830
Norman 20120831
nProtect 20120831
PCTools 20120831
Rising 20120831
SUPERAntiSpyware 20120831
TheHacker 20120830
TotalDefense 20120830
VIPRE 20120831
VirusBuster 20120831
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) Nesoft Corp.
File version 5, 1, 2600, 2181
Description Internet Extensions for Win32
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-08-27 12:02:29
Entry Point 0x000016FE
Number of sections 4
PE sections
PE imports
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegSetValueExA
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
TlsAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
WinExec
FreeEnvironmentStringsA
GetStartupInfoA
SizeofResource
InterlockedIncrement
LockResource
WideCharToMultiByte
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetModuleHandleA
CreateThread
GetStringTypeA
SetFilePointer
ReadFile
GetCurrentThreadId
WriteFile
GetCurrentProcess
CloseHandle
GetACP
HeapReAlloc
GetStringTypeW
ExpandEnvironmentStringsA
TerminateProcess
GetEnvironmentStrings
GetEnvironmentVariableA
LoadResource
VirtualFree
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetVersion
FindResourceA
VirtualAlloc
HeapCreate
SetLastError
LeaveCriticalSection
Number of PE resources by type
NOD_RES 1
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 122880
ImageVersion 0.0
FileVersionNumber 5.1.2600.2181
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 6.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5, 1, 2600, 2181
TimeStamp 2012:08:27 13:02:29+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5, 1, 2600, 2181
FileDescription Internet Extensions for Win32
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) Nesoft Corp.
MachineType Intel 386 or later, and compatibles
CompanyName Copyright (C) Nesoft Corp.
CodeSize 20480
FileSubtype 0
ProductVersionNumber 5.1.2600.2181
EntryPoint 0x16fe
ObjectFileType Executable application

File identification
MD5 265f46c572f4e5a3b17d39cb74f01e15
SHA1 8dd47bd2e6adb052a72488e44ec56286a51f995c
SHA256 ad4be10dd6bf98a510b1d2f46648e588f49fef8de3cd8522ad7fd3d0915b5c08
ssdeep 3072:Z2mp5QAD7/Bo6MjqnZRiFK6kG0mMFtog:Z2WDLlZRq0/og
authentihash 2378cef664cb1e65cb6d27674258887dfdc822c01119b164e6d2be4ae29df94f
imphash a39d377aba85c2dff66bcf07016ee656
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe armadillo
VirusTotal metadata
First submission 2012-08-30 17:25:02 UTC ( 5 years, 5 months ago )
Last submission 2012-10-15 00:03:39 UTC ( 5 years, 4 months ago )
File names feq.exe
0AQmeU.rtf
aa
feq.ex#
feq.html-nUUQci
143360_265f46c572f4e5a3b17d39cb74f01e15.exe
scvhost.exe
2148351
feq.html
Bl31Xnt.cpl
fbGipXqk.vcf
gJWL.rtf
265F46C572F4E5A3B17D39CB74F01E15.bin
output.2148351.txt