SHA256: b572b2f8ceccb8309846a0ae74ce20b20552e7b1d73167f779cfff924f558ba0
File name: svchost.pif
Detection ratio: 4 / 42
Analysis date: 2012-09-04 09:02:06 UTC ( 6 years, 5 months ago )
Antivirus Result Update
PCTools Trojan.Gen 20120903
Sophos AV Sus/Behav-1004 20120903
Symantec Trojan.Gen.2 20120903
TrendMicro-HouseCall TROJ_GEN.R3FH1HQ 20120903
AhnLab-V3 20120903
AntiVir 20120903
Antiy-AVL 20120903
Avast 20120903
AVG 20120903
BitDefender 20120903
ByteHero 20120831
CAT-QuickHeal 20120903
ClamAV 20120828
Commtouch 20120903
Comodo 20120903
DrWeb 20120903
Emsisoft 20120903
eSafe 20120902
ESET-NOD32 20120903
F-Prot 20120903
F-Secure 20120903
Fortinet 20120830
GData 20120903
Ikarus 20120903
Jiangmin 20120903
K7AntiVirus 20120903
Kaspersky 20120903
McAfee 20120903
McAfee-GW-Edition 20120903
Microsoft 20120903
Norman 20120902
nProtect 20120903
Panda 20120903
Rising 20120903
SUPERAntiSpyware 20120903
TheHacker 20120903
TotalDefense 20120903
TrendMicro 20120903
VBA32 20120903
VIPRE 20120903
ViRobot 20120903
VirusBuster 20120902
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00936E70
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ImageList_Add
PrintDlgA
CryptMsgClose
SaveDC
CoInitialize
VariantCopy
DragFinish
VerQueryValueA
InternetOpenA
OpenPrinterA
Number of PE resources by type
RT_RCDATA 45
RT_STRING 40
RT_BITMAP 34
RT_GROUP_CURSOR 9
RT_CURSOR 9
RT_DIALOG 1
DB 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 138
RUSSIAN 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 7966720
LinkerVersion 2.25
FileTypeExtension exe
InitializedDataSize 12288
SubsystemVersion 4.0
EntryPoint 0x936e70
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 1695744

File identification
MD5 89d42e3e50addec349b5a4c09fabb46f
SHA1 6e05960b06213424b437a1246b8182b5c7be6f5e
SHA256 b572b2f8ceccb8309846a0ae74ce20b20552e7b1d73167f779cfff924f558ba0
ssdeep 196608:O0nucZV8rwnV7amEe8GarC6H0Ektfi6SrCGLiaTceYQG9dro2V9D67Zr8tUD:OPwVzEVrrC6dkta6S/Lz7YTlDVx67ZmU
authentihash 668fda21ba951fa20a93a0246e4757246c4b75453b185a5d89fec6218bce0df9
imphash 8505345313e7f554ba2f49313bff16f0
File size 7.6 MB ( 7974912 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
Win16/32 Executable Delphi generic (2.9%)
Tags peexe upx

VirusTotal metadata
First submission 2012-05-28 16:37:54 UTC ( 6 years, 9 months ago )
Last submission 2017-02-17 06:48:23 UTC ( 2 years ago )
File names svchost.pif
output.9017841.txt
TxCDkaOp4J.jpg
svchost.pif
aa
89d42e3e50addec349b5a4c09fabb46f.6e05960b06213424b437a1246b8182b5c7be6f5e
avz.exe
9017841
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight