SHA256: afe34bfe2215b048915b1d55324f1679d598a0741123bc24274d4edc6e395a8d
File name: loader.exe
Detection ratio: 2 / 42
Analysis date: 2012-09-13 03:33:16 UTC ( 1 year, 7 months ago )
Antivirus | Result | Update
CAT-QuickHeal | (Suspicious) - DNAScan | 20120912
McAfee-GW-Edition | Heuristic.BehavesLike.Win32.Suspicious.H | 20120912
AVG | | 20120913
AhnLab-V3 | | 20120912
AntiVir | | 20120913
Antiy-AVL | | 20120911
Avast | | 20120912
BitDefender | | 20120913
ByteHero | | 20120910
ClamAV | | 20120913
Commtouch | | 20120913
Comodo | | 20120913
DrWeb | | 20120913
ESET-NOD32 | | 20120912
Emsisoft | | 20120913
F-Prot | | 20120912
F-Secure | | 20120913
Fortinet | | 20120830
GData | | 20120913
Ikarus | | 20120913
Jiangmin | | 20120913
K7AntiVirus | | 20120912
Kaspersky | | 20120913
McAfee | | 20120913
Microsoft | | 20120913
Norman | | 20120912
PCTools | | 20120913
Panda | | 20120912
Rising | | 20120912
SUPERAntiSpyware | | 20120911
Sophos | | 20120912
Symantec | | 20120913
TheHacker | | 20120911
TotalDefense | | 20120912
TrendMicro | | 20120913
TrendMicro-HouseCall | | 20120913
VBA32 | | 20120912
VIPRE | | 20120913
ViRobot | | 20120913
VirusBuster | | 20120912
eSafe | | 20120911
nProtect | | 20120913
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-13 03:02:46
Link date 4:02 AM 9/13/2012
Entry Point 0x0000126C
Number of sections 18
PE sections
PE imports
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLastError
VirtualQuery
SetUnhandledExceptionFilter
TlsGetValue
ExitProcess
VirtualProtect
GetProcAddress
VirtualAlloc
LeaveCriticalSection
socket
recv
WSACleanup
WSAStartup
gethostbyname
connect
htons
closesocket
_cexit
__p__fmode
puts
__p__environ
fwrite
signal
printf
free
_onexit
atexit
abort
_setmode
vfprintf
__getmainargs
calloc
exit
atoi
_iob
__set_app_type
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:09:13 04:02:46+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
4096

LinkerVersion
2.21

FileAccessDate
2014:02:10 11:17:54+01:00

EntryPoint
0x126c

InitializedDataSize
8704

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

FileCreateDate
2014:02:10 11:17:54+01:00

UninitializedDataSize
512

File identification
MD5 78a908b1a6e7e3ab507cb736074f3780
SHA1 370a759dec1846dec60620926550a4909a510b4a
SHA256 afe34bfe2215b048915b1d55324f1679d598a0741123bc24274d4edc6e395a8d
ssdeep
384:Pvcj4tYB3jlgAXMzo9Fqk7QqDUE80DzbDkvrhUrKrdcWmcU3YeVIysx73EQV+HJK:2EYBzlge975HDkmrKrzmfCJLV+Axgyd

imphash b58659159ea32e642c5fe28174cfb2e0
File size 51.9 KB ( 53118 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags
peexe

VirusTotal metadata
First submission 2012-09-13 03:33:16 UTC ( 1 year, 7 months ago )
Last submission 2014-02-10 10:17:38 UTC ( 2 months ago )
File names file-4599943_exe
loader.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight