SHA256: ba311ee5b5335b13d3dd060524ff250abddbac5f09769f5d284556d11b20a4bc
File name: suicide.exe
Detection ratio: 22 / 43
Analysis date: 2012-11-23 07:44:49 UTC ( 4 years, 9 months ago )
Antivirus Result Update
AhnLab-V3 ASD.Prevention 20121122
AntiVir TR/Rogue.KD.792844 20121121
BitDefender Trojan.Generic.KD.792844 20121122
Comodo TrojWare.Win32.Trojan.Agent.Gen 20121122
DrWeb Trojan.StartPage.49173 20121122
Emsisoft Trojan.Win32.StartPage.AMN (A) 20121121
ESET-NOD32 Win32/StartPage.OOW 20121121
F-Secure Trojan.Generic.KD.792844 20121122
GData Trojan.Generic.KD.792844 20121122
Ikarus Trojan.Win32.StartPage 20121122
Jiangmin Trojan/StartPage.qzo 20121122
Kaspersky HEUR:Trojan.Win32.StartPage 20121122
Kingsoft Win32.Troj.Undef.(kcloud) 20121119
McAfee Artemis!7CD01AD67F73 20121122
McAfee-GW-Edition Artemis!7CD01AD67F73 20121122
Microsoft Trojan:Win32/Startpage.UY 20121122
eScan Trojan.Generic.KD.792844 20121122
Norman W32/Malware.AEQGJ 20121121
nProtect Trojan.Generic.KD.792844 20121122
Panda Trj/CI.A 20121121
TrendMicro-HouseCall TROJ_GEN.R47H1KK 20121122
VIPRE Trojan.Win32.Generic!BT 20121122
Yandex 20121121
Antiy-AVL 20121121
Avast 20121122
AVG 20121121
ByteHero 20121116
CAT-QuickHeal 20121122
ClamAV 20121122
Commtouch 20121122
eSafe 20121121
F-Prot 20121122
Fortinet 20121122
K7AntiVirus 20121121
Rising 20121122
Sophos AV 20121122
SUPERAntiSpyware 20121122
Symantec 20121122
TheHacker 20121121
TotalDefense 20121121
TrendMicro 20121122
VBA32 20121122
ViRobot 20121122
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-11-19 17:30:29
Entry Point 0x000094BE
Number of sections 5
PE sections
PE imports
RegSetValueExA
RegCloseKey
RegCreateKeyExA
GetStdHandle
EncodePointer
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
lstrcatA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
GetModuleFileNameW
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
HeapSetInformation
EnumSystemLocalesA
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer
SetEnvironmentVariableA
TerminateProcess
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
Process32First
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
RtlUnwind
Process32Next
GetFileSize
OpenProcess
CreateDirectoryA
DeleteFileA
GetStartupInfoW
GetUserDefaultLCID
GetProcessHeap
CompareStringW
FindFirstFileExA
FindNextFileA
IsValidLocale
GetProcAddress
CreateFileW
IsDebuggerPresent
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
LCMapStringW
lstrlenA
GetConsoleCP
GetEnvironmentStringsW
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
CreateProcessA
IsValidCodePage
HeapCreate
Sleep
CoUninitialize
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2012:11:19 18:30:29+01:00
FileType Win32 EXE
PEType PE32
CodeSize 97280
LinkerVersion 10.0
FileTypeExtension exe
InitializedDataSize 42496
SubsystemVersion 5.1
EntryPoint 0x94be
OSVersion 5.1
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 7cd01ad67f734f2f668cce3dd8961cfe
SHA1 edc74ad82da1a151c58d7691ef2746703a7c949a
SHA256 ba311ee5b5335b13d3dd060524ff250abddbac5f09769f5d284556d11b20a4bc
ssdeep 3072:ICyU57EEgRse25C7SWLH/g4j1AIdgbIIg5r/fLF:ICyoEEgRsx5mZjY4NubnYrXLF
authentihash de19ff55d1b267aa81ff60f20676aa156bcae5561176cfebc672f86a67f49e9a
imphash 2cd0183636d8743091f68654b30e3151
File size 137.5 KB ( 140800 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2012-11-20 20:21:04 UTC ( 4 years, 9 months ago )
Last submission 2015-12-03 07:41:16 UTC ( 1 year, 8 months ago )
File names 7cd01ad67f734f2f668cce3dd8961cfe
004468632
install.exe
install.exe
output.8466606.txt
7cd01ad67f734f2f668cce3dd8961cfe
ba311ee5b5335b13d3dd060524ff250abddbac5f09769f5d284556d11b20a4bc.exe
filename
1
97bf240707593ba0c4ec1c18c9446afa1399d0d4
8466606
install.exe
7cd01ad67f734f2f668cce3dd8961cfe
file-4792544_bin
suicide.exe
install.ex_
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Copied files
Deleted files
Set keys
Created processes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.