SHA256: bb559ecbfb0f2f0ad85fd8ed120e28c1858d6fce92d5bd627a86858860a9858a
File name: 2_.txt.exe
Detection ratio: 7 / 46
Analysis date: 2013-11-26 19:08:15 UTC ( 1 year, 3 months ago )
Antivirus Result Update
AVG Crypt_s.EVY 20131126
ESET-NOD32 Win32/Sirefef.FY 20131126
Malwarebytes Rootkit.0Access 20131126
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20131126
Microsoft TrojanDropper:Win32/Sirefef.gen!D 20131126
Panda Suspicious file 20131126
Sophos Mal/ZAccess-BL 20131126
Agnitum 20131126
AhnLab-V3 20131126
AntiVir 20131126
Antiy-AVL 20131126
Avast 20131126
Baidu-International 20131126
BitDefender 20131126
Bkav 20131126
ByteHero 20131126
CAT-QuickHeal 20131126
ClamAV 20131126
Commtouch 20131126
Comodo 20131126
DrWeb 20131126
Emsisoft 20131126
F-Prot 20131126
F-Secure 20131126
Fortinet 20131126
GData 20131126
Ikarus 20131126
Jiangmin 20131125
K7AntiVirus 20131126
K7GW 20131126
Kaspersky 20131126
Kingsoft 20130829
McAfee 20131126
MicroWorld-eScan 20131126
NANO-Antivirus 20131126
Norman 20131126
SUPERAntiSpyware 20131126
Symantec 20131126
TheHacker 20131126
TotalDefense 20131126
TrendMicro 20131126
TrendMicro-HouseCall 20131126
VBA32 20131126
VIPRE 20131126
ViRobot 20131126
nProtect 20131126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright Copyright (C) 2013
Publisher Installer
Product Installer
Original name Installer_v1.0.exe
Internal name Installer_v1.0
File version 1.0.0.1
Description Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-25 22:08:04
Link date 11:08 PM 11/25/2013
Entry Point 0x0000C826
Number of sections 4
PE sections
PE imports
PropertySheetA
InitCommonControlsEx
CreateStatusWindowW
ImageList_Draw
ImageList_GetIconSize
ImageList_Remove
Ord(6)
ImageList_ReplaceIcon
PrintDlgExW
GetFileTitleW
GetSaveFileNameW
ChooseColorA
PrintDlgW
PrintDlgExA
GetSaveFileNameA
ChooseFontA
SetROP2
SetMapMode
GetTextExtentPointA
EnumFontsW
TextOutA
CreateRectRgnIndirect
CreateCompatibleDC
RealizePalette
gluTessNormal
gluTessBeginPolygon
gluNewNurbsRenderer
gluBeginTrim
gluSphere
gluNewQuadric
gluQuadricNormals
gluTessBeginContour
ImmRequestMessageW
ImmSetConversionStatus
ImmGetContext
ImmCreateContext
ImmGetGuideLineW
ImmIsUIMessageA
ImmSetOpenStatus
ImmGetCompositionStringW
InterlockedExchange
GetLastError
GetVolumePathNameW
GlobalMemoryStatus
RaiseException
LocalAlloc
UnmapViewOfFile
FindFirstFileA
FreeLibrary
PulseEvent
EnumResourceNamesA
LoadLibraryA
GetProcAddress
FileTimeToSystemTime
Ord(280)
Ord(86)
Ord(251)
Ord(170)
Ord(24)
Ord(123)
Ord(291)
Ord(317)
glTexCoord2d
glTexCoord4f
glColor4sv
glPushMatrix
glGetBooleanv
glIndexPointer
glMap1f
glTexImage2D
SetScrollRange
SetWindowsHookExA
DrawIcon
GetSysColorBrush
OemToCharW
GetWindowLongW
SetThreadDesktop
SetClassLongA
toupper
_time64
iswxdigit
exit
strtoul
_toupper
_mbctoupper
towupper
CoFileTimeNow
CoInitializeEx
OleUninitialize
OleRegGetUserType
CoTaskMemAlloc
OleCreateFromData
OleCreateLink
CoReleaseServerProcess
PE exports
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
FINNISH DEFAULT 8
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Finnish
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 41984
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2013
FileVersion 1.0.0.1
TimeStamp 2013:11:25 23:08:04+01:00
FileType Win32 EXE
PEType PE32
InternalName Installer_v1.0
FileAccessDate 2013:12:11 19:23:55+01:00
ProductVersion 1.0.0.1
FileDescription Installer
OSVersion 5.1
FileCreateDate 2013:12:11 19:23:55+01:00
OriginalFilename Installer_v1.0.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Installer
CodeSize 223232
ProductName Installer
ProductVersionNumber 1.0.0.1
EntryPoint 0xc826
ObjectFileType Executable application
File identification
MD5 da273de44faef25d09f24719dd010e89
SHA1 904e07aa9fd8d788dc48c972fceb4cef931feb62
SHA256 bb559ecbfb0f2f0ad85fd8ed120e28c1858d6fce92d5bd627a86858860a9858a
ssdeep 6144:TuOZ+DoKELEDUaLDkYubv1WSauvSI2UdkITG:TuO8PUaLDkVbNWS9KIbea
File size 260.0 KB ( 266240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe
VirusTotal metadata
First submission 2013-11-26 19:08:15 UTC ( 1 year, 3 months ago )
Last submission 2013-11-26 19:08:15 UTC ( 1 year, 3 months ago )
File names Installer_v1.0.exe
2_.txt.exe
Installer_v1.0
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight