SHA256: bda0e6a172713e5c959027c78402ee697f95fd8a75fb2519ded7fa5fb188fcae
File name: downloadFromHAR.exe
Detection ratio: 1 / 55
Analysis date: 2014-09-14 15:33:58 UTC ( 3 years, 3 months ago )
Antivirus Result Update
Bkav W32.HfsAutoB.88F7 20140913
Ad-Aware 20140914
AegisLab 20140914
Yandex 20140913
AhnLab-V3 20140914
Antiy-AVL 20140914
Avast 20140914
AVG 20140914
Avira (no cloud) 20140914
AVware 20140914
Baidu-International 20140914
BitDefender 20140914
ByteHero 20140914
CAT-QuickHeal 20140913
ClamAV 20140914
CMC 20140913
Comodo 20140914
Cyren 20140914
DrWeb 20140914
Emsisoft 20140914
ESET-NOD32 20140914
F-Prot 20140913
F-Secure 20140914
Fortinet 20140914
GData 20140914
Ikarus 20140914
Jiangmin 20140913
K7AntiVirus 20140912
K7GW 20140912
Kaspersky 20140914
Kingsoft 20140914
Malwarebytes 20140914
McAfee 20140914
McAfee-GW-Edition 20140913
Microsoft 20140914
eScan 20140914
NANO-Antivirus 20140914
Norman 20140914
nProtect 20140914
Panda 20140914
Qihoo-360 20140914
Rising 20140914
Sophos AV 20140914
SUPERAntiSpyware 20140914
Symantec 20140914
Tencent 20140914
TheHacker 20140913
TotalDefense 20140914
TrendMicro 20140914
TrendMicro-HouseCall 20140914
VBA32 20140911
VIPRE 20140914
ViRobot 20140914
Zillya 20140913
Zoner 20140912
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright extramaster
Product Download From HAR
Original name downloadFromHAR.exe
Internal name downloadfromhar
File version 1.0
Description Download content from HAR files.
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-14 14:09:02
Entry Point 0x0000A6E1
Number of sections 7
PE sections
PE imports
SHGetFolderPathW
SHGetFolderPathA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
GetStdHandle
FileTimeToDosDateTime
GetFileAttributesA
WaitForSingleObject
FindFirstFileW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
LocalAlloc
GetThreadContext
GetLocaleInfoW
GetFullPathNameA
GetTempPathA
WideCharToMultiByte
WriteFile
GetDiskFreeSpaceA
SetFileAttributesA
SetEvent
LocalFree
InitializeCriticalSection
LoadResource
GetStringTypeExW
GetLogicalDriveStringsW
FindClose
TlsGetValue
QueryDosDeviceW
FormatMessageA
SetFileAttributesW
GetStringTypeExA
SetLastError
WriteProcessMemory
RemoveDirectoryW
ExitProcess
GetModuleFileNameA
EnumCalendarInfoA
LoadLibraryExA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
FlushInstructionCache
GetModuleHandleA
GetFullPathNameW
GetSystemDirectoryW
GetSystemDirectoryA
SetThreadContext
SetCurrentDirectoryW
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
SetCurrentDirectoryA
CloseHandle
EnterCriticalSection
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
ExitThread
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
ReadProcessMemory
GetCPInfo
DeleteFileW
GetProcAddress
VirtualProtectEx
GetTempFileNameW
CompareStringW
GetModuleFileNameW
FindFirstFileA
CreateDirectoryW
ResetEvent
GetTempFileNameA
FindNextFileA
CreateFileW
CreateEventA
TlsSetValue
CreateFileA
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
VirtualAllocEx
lstrlenA
FindResourceW
GetThreadLocale
RemoveDirectoryA
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
SetFileTime
GetCurrentDirectoryA
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
ReadFile
FindNextFileW
lstrcpynA
GetACP
GetVersion
FreeResource
IsBadStringPtrW
GetTempPathW
PostQueuedCompletionStatus
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
CompareStringA
ZwProtectVirtualMemory
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFormatCurrentUserKeyPath
RtlInitAnsiString
LdrGetProcedureAddress
LdrLoadDll
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
GetErrorInfo
SysFreeString
VariantInit
PathMatchSpecW
CharLowerBuffW
GetSystemMetrics
LoadStringA
CharLowerA
CharNextA
CharUpperW
MessageBoxA
CharLowerW
CharUpperBuffW
CharUpperA
GetKeyboardType
CharToOemA
PE exports
Number of PE resources by type
RT_ICON 8
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 10
PE resources
ExifTool file metadata
SubsystemVersion 6.0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
UninitializedDataSize 0
LanguageCode English (British)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 425472
EntryPoint 0xa6e1
OriginalFileName downloadFromHAR.exe
MIMEType application/octet-stream
LegalCopyright extramaster
FileVersion 1.0
TimeStamp 2014:09:14 15:09:02+01:00
FileType Win32 EXE
PEType PE32
InternalName downloadfromhar
ProductVersion 1.0
FileDescription Download content from HAR files.
OSVersion 6.0
FileOS Unknown (0)
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName extramaster
ProductName Download From HAR
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Unknown

File identification
MD5 853867813fc1b74b25cbfc9351c84890
SHA1 724bb8654f290dd4d152c17b016197e0b5f58158
SHA256 bda0e6a172713e5c959027c78402ee697f95fd8a75fb2519ded7fa5fb188fcae
ssdeep 49152:QBm+bPxAIhzictvcb1qnvZVfPUOLkcNs6DRmB8XuSidFWe4oA7c:QUWPxA+JeqnvZBPUObN9Dz+rgoA7
authentihash 2dcbbb34f4e2bc97daa4024a6a23e888dd00e9679f32d2c6947941597db807ff
imphash 25c0914e1e7dc7c3bb957d88e787a155
File size 3.1 MB ( 3286016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2014-09-14 15:33:58 UTC ( 3 years, 3 months ago )
Last submission 2017-11-28 11:16:44 UTC ( 2 weeks, 4 days ago )
File names downloadFromHAR.exe
downloadFromHAR.exe
downloadfromhar
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications