SHA256: bccfc16327d3bf16e2e64296d161b592b9af7ae6ffc168798ac10b5fac237394
File name: content
Detection ratio: 2 / 55
Analysis date: 2015-12-09 05:59:06 UTC ( 2 years, 7 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Generik.CEWTKCA 20151209
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20151209
Ad-Aware 20151209
AegisLab 20151208
Yandex 20151208
AhnLab-V3 20151208
Alibaba 20151208
ALYac 20151209
Antiy-AVL 20151209
Arcabit 20151209
Avast 20151209
AVG 20151209
Avira (no cloud) 20151209
AVware 20151209
Baidu-International 20151208
BitDefender 20151209
Bkav 20151208
ByteHero 20151209
CAT-QuickHeal 20151208
ClamAV 20151208
CMC 20151201
Comodo 20151209
Cyren 20151209
DrWeb 20151209
Emsisoft 20151209
F-Prot 20151209
F-Secure 20151208
Fortinet 20151209
GData 20151209
Ikarus 20151209
Jiangmin 20151208
K7AntiVirus 20151208
K7GW 20151209
Kaspersky 20151209
Malwarebytes 20151209
McAfee 20151209
McAfee-GW-Edition 20151209
Microsoft 20151209
eScan 20151209
NANO-Antivirus 20151209
nProtect 20151209
Panda 20151208
Rising 20151208
Sophos AV 20151209
SUPERAntiSpyware 20151209
Symantec 20151208
TheHacker 20151209
TotalDefense 20151208
TrendMicro 20151209
TrendMicro-HouseCall 20151209
VBA32 20151208
VIPRE 20151209
ViRobot 20151209
Zillya 20151208
Zoner 20151209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1987-1998 Microsoft Corp.
Product MSMask
Internal name MSMask
File version 6.00.8418
Description MSMask
Comments February 22, 1999
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-12-08 20:37:51
Entry Point 0x0000105A
Number of sections 7
PE sections
PE imports
GetClusterKey
ClusterRegOpenKey
ClusterEnum
GetTextExtentPointW
GetLastError
GetWriteWatch
Toolhelp32ReadProcessMemory
EnterCriticalSection
LCMapStringW
VerifyVersionInfoA
VirtualAllocEx
GetCommMask
lstrcmpiA
DefineDosDeviceW
OpenEventW
FreeLibrary
QueryPerformanceCounter
EscapeCommFunction
CreateJobSet
ExitProcess
ReadConsoleInputW
BuildCommDCBW
SetConsoleCursorPosition
GetModuleHandleW
SetProcessPriorityBoost
LoadLibraryA
GetLocalTime
RaiseException
GlobalSize
CreatePipe
FatalAppExitW
GetCPInfoExW
GetEnvironmentStrings
WritePrivateProfileSectionA
CommConfigDialogW
LocalAlloc
WriteProfileStringA
lstrcatA
GetSystemDefaultLCID
GetCompressedFileSizeW
HeapQueryInformation
GetWindowsDirectoryA
GetDateFormatW
GetThreadLocale
FreeEnvironmentStringsW
BackupWrite
SetProcessAffinityMask
lstrcatW
SetEnvironmentVariableA
FillConsoleOutputAttribute
SetComputerNameW
CreateWaitableTimerW
lstrlenA
QueryPerformanceFrequency
GetFileSizeEx
GetCPInfo
SetEnvironmentVariableW
ReadFileEx
CreateFileMappingA
GlobalFree
InterlockedExchange
CreateDirectoryW
WriteFile
GlobalMemoryStatusEx
GetComputerNameA
TerminateProcess
GlobalLock
TzSpecificLocalTimeToSystemTime
GetProcAddress
SetCommTimeouts
ReadConsoleA
LocalFree
GetDefaultCommConfigA
GetDiskFreeSpaceExA
AllocConsole
CreateProcessA
FreeLibraryAndExitThread
HeapSetInformation
SetLocaleInfoA
CreateFileW
GetEnvironmentStringsW
GetTapePosition
GetFileAttributesExA
IsBadCodePtr
VirtualQueryEx
SetLocaleInfoW
SetLastError
LeaveCriticalSection
MprInfoBlockSet
MprAdminConnectionClearStats
VarUI1FromCy
VarUI4FromBool
Ord(180)
Ord(179)
SHLoadNonloadedIconOverlayIdentifiers
MessageBoxA
SetWindowLongW
GetKeyboardLayoutList
IsCharUpperW
wcsftime
vprintf
tmpfile
free
putchar
printf
perror
fgetws
strncat
cos
_chkstk
wcstoul
wcscpy
iscntrl
isalpha
wcsncmp
towupper
PdhGetCounterInfoA
Number of PE resources by type
RT_STRING 16
RT_DIALOG 2
RT_ICON 1
TYPELIB 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 23
PE resources
Debug information
ExifTool file metadata
CodeSize 65536
SubsystemVersion 4.0
Comments February 22, 1999
InitializedDataSize 147456
ImageVersion 0.0
ProductName MSMask
FileVersionNumber 6.0.84.18
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 8.0
FileTypeExtension exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.00.8418
TimeStamp 2015:12:08 21:37:51+01:00
FileType Win32 EXE
PEType PE32
InternalName MSMask
ProductVersion 6.00.8418
FileDescription MSMask
OSVersion 5.0
FileOS Windows NT 32-bit
LegalCopyright Copyright 1987-1998 Microsoft Corp.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
LegalTrademarks Microsoft is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation.
FileSubtype 0
ProductVersionNumber 6.0.84.18
EntryPoint 0x105a
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 caa4d0f751b30b57db9d7f5f862fb5e5
SHA1 d1416871e0da74404be9eef0c4508ccb58000017
SHA256 bccfc16327d3bf16e2e64296d161b592b9af7ae6ffc168798ac10b5fac237394
ssdeep 3072:fIVF8LiSDGr7P114eR/HZAoAZxK2it1KC/3c6CmVXdTavr3ZYAG+/UmL/:fIVF8qV14O/5A97K2i7/vc6CmVNTKVN
authentihash 0e9c2d3b9a771ac3e0475b694791ce1409d23dbbca5b597b3cbf8728bf4d2355
imphash 2fca7569cf8e52a62f0bcee6198591a8
File size 208.0 KB ( 212992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2015-12-08 23:22:23 UTC ( 2 years, 7 months ago )
Last submission 2018-04-25 11:43:36 UTC ( 2 months, 3 weeks ago )
File names MSMask
content
39J3qEss.wbs
ccf7f1384b86cbd3d2da99010113606a2f7b197c
codakes.exe
VirusShare_caa4d0f751b30b57db9d7f5f862fb5e5
33s5d7.exe
33s5d7.exe
scrcons.exe
caa4d0f751b30b57db9d7f5f862fb5e5.exe
VirusShare_caa4d0f751b30b57db9d7f5f862fb5e5
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections