SHA256: b9ac49aee94a6e29ae2cd0ed79fc4e476118e2e292bd2aac06b043df7cd67106
File name: cmd_fw_installer_6106_c6.exe
Detection ratio: 18 / 55
Analysis date: 2015-12-05 05:16:25 UTC ( 2 years, 1 month ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Barys.3152 20151205
ALYac Gen:Variant.Barys.3152 20151204
Antiy-AVL Trojan[:HEUR]/Win32.AGeneric 20151205
Arcabit Trojan.Barys.DC50 20151205
Avira (no cloud) TR/Dropper.Gen 20151205
BitDefender Gen:Variant.Barys.3152 20151205
Emsisoft Gen:Variant.Barys.3152 (B) 20151205
ESET-NOD32 a variant of MSIL/Injector.CDQ 20151205
Fortinet MSIL/Dropper.ESN!tr 20151204
Ikarus Virus.ILCrypt 20151205
K7AntiVirus Riskware ( 0040eff71 ) 20151202
K7GW Riskware ( 0040eff71 ) 20151202
eScan Gen:Variant.Barys.3152 20151205
NANO-Antivirus Trojan.Win32.Injector.dkloer 20151205
Panda Trj/CI.A 20151204
Qihoo-360 HEUR/QVM03.0.Malware.Gen 20151205
Symantec Trojan.Gen.2 20151204
Tencent Win32.Trojan.Agent.bbfb 20151205
AegisLab 20151204
Yandex 20151210
AhnLab-V3 20151204
Alibaba 20151204
Avast 20151211
AVG 20151210
AVware 20151210
Baidu-International 20151204
Bkav 20151204
ByteHero 20151205
CAT-QuickHeal 20151204
ClamAV 20151204
CMC 20151201
Comodo 20151209
Cyren 20151205
DrWeb 20151211
F-Prot 20151211
F-Secure 20151211
GData 20151211
Jiangmin 20151210
Kaspersky 20151211
Malwarebytes 20151205
McAfee 20151211
McAfee-GW-Edition 20151211
Microsoft 20151211
nProtect 20151204
Rising 20151210
Sophos AV 20151211
SUPERAntiSpyware 20151205
TheHacker 20151209
TrendMicro 20151211
TrendMicro-HouseCall 20151211
VBA32 20151204
VIPRE 20151211
ViRobot 20151205
Zillya 20151210
Zoner 20151205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Original name Chew.exe
Internal name Chew.exe
File version 1.0.0.0
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-28 23:42:56
Entry Point 0x00787A8E
Number of sections 3
.NET details
Module Version ID d41d44cd-7bc1-4874-b380-1e465c703796
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 5
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 106496
EntryPoint 0x787a8e
OriginalFileName Chew.exe
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2013:03:01 00:42:56+01:00
FileType Win32 EXE
PEType PE32
InternalName Chew.exe
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 7888896
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

Compressed bundles
File identification
MD5 47cf319cd7b5edbe14e1e5fb370dd051
SHA1 449977e16b7fafc3a32ee2e1f0e61977067e9153
SHA256 b9ac49aee94a6e29ae2cd0ed79fc4e476118e2e292bd2aac06b043df7cd67106
ssdeep 196608:zr2nFGZBTgROluSjXkCLyMpiZBTgROluSjXkCLyMpbK:zr2FGZBTg4luSTkCLyMpiZBTg4luSTkg

authentihash e781560c67e2a3b44f95f38c22f1669413f5b239009a54495a562db0e5fc179d
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 7.6 MB ( 7999488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
Win16/32 Executable Delphi generic (2.2%)
Generic Win/DOS Executable (2.2%)
Tags peexe assembly

VirusTotal metadata
First submission 2013-03-04 11:42:17 UTC ( 4 years, 10 months ago )
Last submission 2015-12-05 05:16:25 UTC ( 2 years, 1 month ago )
File names Chew.exe
Name‮3pm.exe
47cf319cd7b5edbe14e1e5fb370dd051
Chew7.exe
cmd_fw_installer_6106_c6.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight