SHA256: bce97f483056ebf66de8e6845352aca5afc58dced8ed5ab4d1657a088bf504b1
File name: Mulberry.exe
Detection ratio: 1 / 57
Analysis date: 2017-01-28 18:17:31 UTC ( 1 year, 11 months ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9969 20170125
Ad-Aware 20170128
AegisLab 20170128
AhnLab-V3 20170128
Alibaba 20170122
ALYac 20170128
Antiy-AVL 20170128
Arcabit 20170128
Avast 20170128
AVG 20170128
Avira (no cloud) 20170128
AVware 20170128
BitDefender 20170128
Bkav 20170123
CAT-QuickHeal 20170128
ClamAV 20170128
CMC 20170128
Comodo 20170128
CrowdStrike Falcon (ML) 20161024
Cyren 20170128
DrWeb 20170128
Emsisoft 20170128
ESET-NOD32 20170128
F-Prot 20170128
F-Secure 20170128
Fortinet 20170128
GData 20170128
Ikarus 20170128
Sophos ML 20170111
Jiangmin 20170128
K7AntiVirus 20170128
K7GW 20170128
Kaspersky 20170128
Kingsoft 20170128
Malwarebytes 20170128
McAfee 20170128
McAfee-GW-Edition 20170128
Microsoft 20170128
eScan 20170128
NANO-Antivirus 20170128
nProtect 20170128
Panda 20170128
Qihoo-360 20170128
Rising 20170128
Sophos AV 20170128
SUPERAntiSpyware 20170128
Symantec 20170127
Tencent 20170128
TheHacker 20170128
TotalDefense 20170128
TrendMicro 20170128
TrendMicro-HouseCall 20170128
Trustlook 20170128
VBA32 20170127
VIPRE 20170128
ViRobot 20170128
Yandex 20170127
Zillya 20170128
Zoner 20170128
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-07-01 18:05:58
Entry Point 0x00003166
Number of sections 5
PE sections
Overlays
MD5 5a3e63500b2e5713d267e69c54d74dc2
File type font/x-snf
Offset 49664
Size 9806780
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
GetFileAttributesA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
RegisterClassA
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
ScreenToClient
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 7
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2006:07:01 18:05:58+00:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3166
InitializedDataSize 166400
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 1024

File identification
MD5 36b0bd10e1e32c4be5f61cf3033ecc1a
SHA1 5a080e902d486f75d00afcf8c6fa17b72a94126f
SHA256 bce97f483056ebf66de8e6845352aca5afc58dced8ed5ab4d1657a088bf504b1
ssdeep 196608:JGfQiyaAI9nDMI6dhrW88KUqmYr0vVbRitiBR2fhDMRifzYTb4:JGIER9p6dhcKGYab88Lai4
authentihash db91eb4da5d5f5431775d3c048e538f8f191f7d13cc257dca669993018090ff8
imphash 18bc6fa81e19f21156316b1ae696ed6b
File size 9.4 MB ( 9856444 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.6%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Tags nsis peexe overlay software-collection
VirusTotal metadata
First submission 2009-06-11 12:17:17 UTC ( 9 years, 7 months ago )
Last submission 2019-01-04 03:38:11 UTC ( 1 week, 5 days ago )
File names Mulberry v4.0.8.exe
file-6384495_exe
Mulberry_4.0.8.exe
file
MULBERRY.EXE
Mulberry408.exe
Mulberry.exe
file
Mulberry_4.0.8.exe
Mulberry.exe
451702
BCE97F483056EBF66DE8E6845352ACA5AFC58DCED8ED5AB4D1657A088BF504B1
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight