SHA256: bb559ecbfb0f2f0ad85fd8ed120e28c1858d6fce92d5bd627a86858860a9858a
File name: 2_.txt.exe
Detection ratio: 7 / 46
Analysis date: 2013-11-26 19:08:15 UTC ( 3 years, 8 months ago )
Antivirus Result Update
AVG Crypt_s.EVY 20131126
ESET-NOD32 Win32/Sirefef.FY 20131126
Malwarebytes Rootkit.0Access 20131126
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20131126
Microsoft TrojanDropper:Win32/Sirefef.gen!D 20131126
Panda Suspicious file 20131126
Sophos AV Mal/ZAccess-BL 20131126
Yandex 20131126
AhnLab-V3 20131126
AntiVir 20131126
Antiy-AVL 20131126
Avast 20131126
Baidu-International 20131126
BitDefender 20131126
Bkav 20131126
ByteHero 20131126
CAT-QuickHeal 20131126
ClamAV 20131126
Commtouch 20131126
Comodo 20131126
DrWeb 20131126
Emsisoft 20131126
F-Prot 20131126
F-Secure 20131126
Fortinet 20131126
GData 20131126
Ikarus 20131126
Jiangmin 20131125
K7AntiVirus 20131126
K7GW 20131126
Kaspersky 20131126
Kingsoft 20130829
McAfee 20131126
eScan 20131126
NANO-Antivirus 20131126
Norman 20131126
nProtect 20131126
SUPERAntiSpyware 20131126
Symantec 20131126
TheHacker 20131126
TotalDefense 20131126
TrendMicro 20131126
TrendMicro-HouseCall 20131126
VBA32 20131126
VIPRE 20131126
ViRobot 20131126
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2013
Product Installer
Original name Installer_v1.0.exe
Internal name Installer_v1.0
File version 1.0.0.1
Description Installer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-11-25 22:08:04
Entry Point 0x0000C826
Number of sections 4
PE sections
PE imports
PropertySheetA
InitCommonControlsEx
CreateStatusWindowW
ImageList_Draw
ImageList_GetIconSize
ImageList_Remove
Ord(6)
ImageList_ReplaceIcon
PrintDlgExW
GetFileTitleW
GetSaveFileNameW
ChooseColorA
PrintDlgW
PrintDlgExA
GetSaveFileNameA
ChooseFontA
SetROP2
SetMapMode
GetTextExtentPointA
EnumFontsW
TextOutA
CreateRectRgnIndirect
CreateCompatibleDC
RealizePalette
gluTessNormal
gluTessBeginPolygon
gluNewNurbsRenderer
gluBeginTrim
gluSphere
gluNewQuadric
gluQuadricNormals
gluTessBeginContour
ImmRequestMessageW
ImmSetConversionStatus
ImmGetContext
ImmCreateContext
ImmGetGuideLineW
ImmIsUIMessageA
ImmSetOpenStatus
ImmGetCompositionStringW
InterlockedExchange
GetLastError
GetVolumePathNameW
GlobalMemoryStatus
RaiseException
LocalAlloc
UnmapViewOfFile
FindFirstFileA
FreeLibrary
PulseEvent
EnumResourceNamesA
LoadLibraryA
GetProcAddress
FileTimeToSystemTime
VarI1FromStr
SafeArrayUnaccessData
VarUI4FromI1
VarR8FromBool
OaBuildVersion
VarBoolFromDate
VarR8Round
LPSAFEARRAY_UserSize
glTexCoord2d
glTexCoord4f
glColor4sv
glPushMatrix
glGetBooleanv
glIndexPointer
glMap1f
glTexImage2D
SetScrollRange
SetWindowsHookExA
DrawIcon
GetSysColorBrush
OemToCharW
GetWindowLongW
SetThreadDesktop
SetClassLongA
toupper
_time64
iswxdigit
exit
strtoul
_toupper
_mbctoupper
towupper
CoFileTimeNow
CoInitializeEx
OleUninitialize
OleRegGetUserType
CoTaskMemAlloc
OleCreateFromData
OleCreateLink
CoReleaseServerProcess
PE exports
Number of PE resources by type
RT_ICON 4
RT_GROUP_ICON 2
RT_BITMAP 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
FINNISH DEFAULT 8
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 41984
ImageVersion 1.0
ProductName Installer
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode Finnish
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
FileTypeExtension exe
OriginalFileName Installer_v1.0.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.0.0.1
TimeStamp 2013:11:25 23:08:04+01:00
FileType Win32 EXE
PEType PE32
InternalName Installer_v1.0
ProductVersion 1.0.0.1
FileDescription Installer
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2013
MachineType Intel 386 or later, and compatibles
CompanyName Installer
CodeSize 223232
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0xc826
ObjectFileType Executable application

File identification
MD5 da273de44faef25d09f24719dd010e89
SHA1 904e07aa9fd8d788dc48c972fceb4cef931feb62
SHA256 bb559ecbfb0f2f0ad85fd8ed120e28c1858d6fce92d5bd627a86858860a9858a
ssdeep 6144:TuOZ+DoKELEDUaLDkYubv1WSauvSI2UdkITG:TuO8PUaLDkVbNWS9KIbea
authentihash bb26e8a10d9355f3f68640205e6675980f81e4aa9bc3bd7587842d491badb4a3
imphash ef0f9215c7a2961c15d6e66667bfd1ff
File size 260.0 KB ( 266240 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (76.4%)
Win32 Executable (generic) (12.4%)
Generic Win/DOS Executable (5.5%)
DOS Executable Generic (5.5%)
Tags peexe suspicious-udp
VirusTotal metadata
First submission 2013-11-26 19:08:15 UTC ( 3 years, 8 months ago )
Last submission 2013-11-26 19:08:15 UTC ( 3 years, 8 months ago )
File names Installer_v1.0.exe
2_.txt.exe
Installer_v1.0
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
DNS requests
UDP communications