SHA256: bb93796d78556f4c5df9ed8709552d276247987fa02c2577e873748a3ad3bbbe
File name: bb93796d78556f4c5df9ed8709552d276247987fa02c2577e873748a3ad3bbbe
Detection ratio: 3 / 27
Analysis date: 2014-01-30 19:57:24 UTC ( 1 year, 6 months ago )
Antivirus Result Update
Malwarebytes Hacktool.Agent 20140130
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.N 20140130
NANO-Antivirus Virus.Win32.Virut-Gen.bwpxnc 20140130
AVG 20140130
Ad-Aware 20140130
Agnitum 20140130
AhnLab-V3 20140130
AntiVir 20140130
Antiy-AVL 20140130
Avast 20140130
Baidu-International 20140130
BitDefender 20140130
Bkav 20140125
ByteHero 20140122
CAT-QuickHeal None
CMC 20140122
ClamAV 20140130
Commtouch 20140130
Comodo 20140130
DrWeb 20140130
ESET-NOD32 20140130
Emsisoft 20140130
F-Prot 20140130
F-Secure 20140130
Fortinet 20140130
GData 20140130
Ikarus 20140130
Jiangmin 20140130
K7AntiVirus 20140130
K7GW 20140130
Kaspersky 20140130
Kingsoft 20130829
McAfee 20140130
MicroWorld-eScan 20140130
Microsoft None
Norman None
Panda 20140130
Qihoo-360 20140122
Rising 20140130
SUPERAntiSpyware 20140130
Sophos 20140130
Symantec 20140130
TheHacker 20140128
TotalDefense 20140130
TrendMicro 20140130
TrendMicro-HouseCall 20140130
VBA32 20140130
VIPRE 20140130
ViRobot 20140130
nProtect 20140130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-10-31 16:53:19
Link date 5:53 PM 10/31/2007
Entry Point 0x0021A9A0
Number of sections 3
PE sections
PE imports
RegCloseKey
LineTo
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
OleLoadPicturePath
DragFinish
VerQueryValueA
midiOutOpen
PrintDlgA
GetAdaptersInfo
DoDragDrop
Number of PE resources by type
RT_ICON 6
RT_GROUP_CURSOR 3
RT_CURSOR 3
RT_MANIFEST 1
PICKLE 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
ExifTool file metadata
UninitializedDataSize 1613824
LinkerVersion 8.0
ImageVersion 0.0
FileVersionNumber 1.9.7.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 28672
FileOS Win32
MIMEType application/octet-stream
FileVersion 1.9.7.0
TimeStamp 2007:10:31 17:53:19+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2014:11:02 18:39:05+01:00
SubsystemVersion 4.0
Release Final
OSVersion 4.0
FileCreateDate 2014:11:02 18:39:05+01:00
OriginalFilename Windows Loader.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 593920
FileSubtype 0
ProductVersionNumber 1.9.7.0
EntryPoint 0x21a9a0
ObjectFileType Executable application
File identification
MD5 356bef404eb742e4faab85e390b0a575
SHA1 61b1a5d3cff4b8f2702b01272728d639134387e8
SHA256 bb93796d78556f4c5df9ed8709552d276247987fa02c2577e873748a3ad3bbbe
ssdeep 49152:gEYCFEEbiyC1jczKvRgpYpuWV355FXw/+WuWV355FXw/+IuWV355FXw/+p4wCu+8:gEYz8ix1jczK5gp+
authentihash 82f9d181ae1fa71c6fc38b3ae84d4f1735b77938d8bfa59cf2d9605367db3b3d
imphash ac2ed402c59cc91af94988a7c20ffd67
File size 3.1 MB ( 3272463 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags peexe upx
VirusTotal metadata
First submission 2014-01-10 00:23:14 UTC ( 1 year, 6 months ago )
Last submission 2014-01-30 19:57:24 UTC ( 1 year, 6 months ago )
File names Windows Loader.exe
vti-rescan
bb93796d78556f4c5df9ed8709552d276247987fa02c2577e873748a3ad3bbbe
bb93796d78556f4c5df9ed8709552d276247987fa02c2577e873748a3ad3bbbe.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/doc/pua.html .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Set keys
Deleted keys
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications