SHA256: bc345d56f15f3a44a79125b8e5dcfc2ab2cb9e48dc4e1a4f8241beb41b650d83
File name: statue-of-liberty-animated-screensaver-507.exe
Detection ratio: 3 / 54
Analysis date: 2016-01-17 00:35:16 UTC ( 3 years, 4 months ago )
Antivirus Result Update
DrWeb Trojan.MulDrop5.14689 20160118
K7AntiVirus Riskware ( 0040eff71 ) 20160118
K7GW Riskware ( 0040eff71 ) 20160118
Ad-Aware 20160118
AegisLab 20160117
Yandex 20160117
AhnLab-V3 20160117
Alibaba 20160118
ALYac 20160118
Antiy-AVL 20160118
Arcabit 20160118
Avast 20160118
AVG 20160118
Avira (no cloud) 20160117
Baidu-International 20160117
BitDefender 20160118
Bkav 20160118
ByteHero 20160118
CAT-QuickHeal 20160118
ClamAV 20160118
CMC 20160111
Comodo 20160118
Cyren 20160118
Emsisoft 20160118
ESET-NOD32 20160118
F-Prot 20160118
F-Secure 20160118
Fortinet 20160118
GData 20160118
Ikarus 20160118
Jiangmin 20160118
Kaspersky 20160118
Malwarebytes 20160118
McAfee 20160118
McAfee-GW-Edition 20160118
Microsoft 20160118
eScan 20160118
NANO-Antivirus 20160118
nProtect 20160115
Panda 20160117
Qihoo-360 20160118
Rising 20160117
Sophos AV 20160118
SUPERAntiSpyware 20160117
Symantec 20160117
TheHacker 20160116
TotalDefense 20160118
TrendMicro 20160118
TrendMicro-HouseCall 20160118
VBA32 20160117
VIPRE 20160118
ViRobot 20160118
Zillya 20160117
Zoner 20160118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-08 18:20:03
Entry Point 0x00006293
Number of sections 4
PE sections
Overlays
MD5 07ff21f5cbb968d58ce594a1eb02f95e
File type data
Offset 143360
Size 5658227
Entropy 7.98
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
GetConsoleCP
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellExecuteA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
RUSSIAN 4
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2007:03:08 19:20:03+01:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 8.0
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x6293
InitializedDataSize 61440
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 d045253f366a229642ed6662753069b1
SHA1 94263f80da1c0595575a0fad35e8ef8c653647c2
SHA256 bc345d56f15f3a44a79125b8e5dcfc2ab2cb9e48dc4e1a4f8241beb41b650d83
ssdeep 98304:fnnzf0H/V3Y3+lSOtoTLKqQ/9Jl/mKbU2E8uIc9UAvhhtBGr73j0/eGOmBO0ucx9:78fV32R+qG9bbILVUAvhhtBGr7iemnNx

authentihash ca38951067d9a6be0f37849e4030205b36c87230c16670b8a9dc40751a95718a
imphash bbaa6df883da7768c895ff451a9e3564
File size 5.5 MB ( 5801587 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe overlay

VirusTotal metadata
First submission 2012-02-29 17:15:18 UTC ( 7 years, 2 months ago )
Last submission 2015-01-29 17:38:40 UTC ( 4 years, 3 months ago )
File names aa
VirusShare_d045253f366a229642ed6662753069b1
fsM0IvHr.xlt
statue-of-liberty-animated-screensaver-507.exe
screensaver_statue_of_liberty.exe
BC345D56F15F3A44A79125B8E5DCFC2AB2CB9E48DC4E1A4F8241BEB41B650D83
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight