SHA256: af0fa9392300b86da699203a1bade799e98ac3c2fa28688738eac9e6bdea13d7
File name: 59479a62369fc1cf52cd9cb3d1edb3ca
Detection ratio: 40 / 51
Analysis date: 2014-03-21 10:17:41 UTC ( 4 years, 1 month ago )
Antivirus Result Update
Ad-Aware Adware.Funpop.C 20140321
Yandex Adware.Funpop!3k0QbNQvBOs 20140320
AhnLab-V3 PUP/Win32.F2Day 20140320
AntiVir ADSPY/Give2SMS.5 20140321
Antiy-AVL Trojan/Win32.Genome 20140320
Avast NSIS:Downloader-DJ [Trj] 20140321
AVG Dropper.Agent.YSX 20140321
BitDefender Adware.Funpop.C 20140321
Bkav W32.S_Ddel.Trojan 20140321
CAT-QuickHeal Trojan.Agent.nj 20140320
Commtouch W32/Trojan.SQYQ-9372 20140321
Comodo ApplicUnwnt.Win32.Adware.Krdr.~b 20140321
DrWeb Adware.WebBrowserNavigate 20140321
Emsisoft Adware.Funpop.C (B) 20140321
ESET-NOD32 Win32/Adware.Funpop 20140321
F-Prot W32/Trojan2.NFDN 20140321
F-Secure Adware.Funpop.C 20140321
Fortinet W32/Adware_fam.NB 20140321
GData Adware.Funpop.C 20140321
Ikarus AdWare.Funpop 20140321
K7AntiVirus Trojan ( bc78a3520 ) 20140320
K7GW Riskware ( 0015e4f21 ) 20140320
Kingsoft Win32.Troj.Agent.(kcloud) 20140321
Malwarebytes Adware.FunPop 20140321
McAfee Artemis!59479A62369F 20140321
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.G 20140321
Microsoft Adware:Win32/Funpop 20140321
eScan Adware.Funpop.C 20140321
NANO-Antivirus Trojan.Win32.Funpop.gsook 20140321
Norman Agent.ZCRR 20140321
nProtect Adware.Funpop.C 20140321
Panda Trj/CI.A 20140321
Qihoo-360 Win32/Virus.Adware.a1b 20140321
Rising PE:Trojan.Win32.Generic.123561CE!305488334 20140321
Sophos AV Generic PUA GM 20140321
Symantec Adware.Gen 20140321
TrendMicro TROJ_SPNR.0BIR11 20140321
TrendMicro-HouseCall TROJ_SPNR.0BIR11 20140321
VBA32 Adware.Funpop 20140320
VIPRE Trojan.Win32.Generic!BT 20140321
AegisLab 20140321
Baidu-International 20140321
ByteHero 20140321
ClamAV 20140321
CMC 20140319
Jiangmin 20140321
Kaspersky 20140321
SUPERAntiSpyware 20140321
TheHacker 20140320
TotalDefense 20140321
ViRobot 20140321
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
Command NSIS
F-PROT NSIS, NSIS, NSIS, NSIS, NSIS, NSIS, NSIS
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-11-12 16:04:29
Entry Point 0x00003511
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
SetFilePointer
GetLastError
GetUserDefaultLangID
LoadLibraryA
CreateFileMappingA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
CreateDirectoryA
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
SetFileTime
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
DestroyWindow
FindWindowExA
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
DialogBoxParamA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
GetAsyncKeyState
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
IsDlgButtonChecked
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 4
RT_DIALOG 4
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:11:12 17:04:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 25088
LinkerVersion 6.0
FileAccessDate 2014:03:21 11:22:01+01:00
EntryPoint 0x3511
InitializedDataSize 172544
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:21 11:22:01+01:00
UninitializedDataSize 1024

File identification
MD5 59479a62369fc1cf52cd9cb3d1edb3ca
SHA1 03c5e7f5830867de4530eb26b7287a236936b15f
SHA256 af0fa9392300b86da699203a1bade799e98ac3c2fa28688738eac9e6bdea13d7
ssdeep 6144:1N7DMImXtZgJT0sNLLkHEUVlHYvU1kwblbFpQ59m62aKgLylrVshn/MX:wBPgJYsNLTUVlHY0kwblbFpboKVshn/U
imphash 3c1b27083f9fe9eb9b4f9671a370a84d
File size 264.4 KB ( 270703 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags nsis peexe

VirusTotal metadata
First submission 2010-09-21 15:54:27 UTC ( 7 years, 7 months ago )
Last submission 2014-03-21 10:17:41 UTC ( 4 years, 1 month ago )
File names smona130683317474122396966
59479a62369fc1cf52cd9cb3d1edb3ca
aa
h8wnTRKbI.dotm
WwwLR9V9P3.bz2