× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c087c7e0bc9b72f6148bee60a172b0f944ee61e3d3e77cafbd908595deec67fa
File name: OTL.exe
Detection ratio: 6 / 42
Analysis date: 2012-05-03 21:21:58 UTC ( 5 years, 6 months ago ) View latest
Antivirus Result Update
ClamAV PUA.Packed.PECompact-1 20120503
DrWeb Trojan.Siggen3.61192 20120503
eSafe Suspicious File 20120502
PCTools Backdoor.Graybird!rem 20120503
Symantec Backdoor.Graybird 20120503
VirusBuster Packed/PECompact 20120503
AhnLab-V3 20120503
AntiVir 20120503
Antiy-AVL 20120503
Avast 20120503
AVG 20120503
BitDefender 20120503
ByteHero 20120503
CAT-QuickHeal 20120503
Commtouch 20120503
Comodo 20120503
Emsisoft 20120503
eTrust-Vet 20120503
F-Prot 20120503
F-Secure 20120503
Fortinet 20120503
GData 20120503
Ikarus 20120503
Jiangmin 20120503
K7AntiVirus 20120502
Kaspersky 20120503
McAfee 20120503
McAfee-GW-Edition 20120503
Microsoft 20120503
NOD32 20120503
Norman 20120503
nProtect 20120503
Panda 20120503
Rising 20120502
Sophos AV 20120503
SUPERAntiSpyware 20120411
TheHacker 20120503
TrendMicro 20120503
TrendMicro-HouseCall 20120503
VBA32 20120503
VIPRE 20120503
ViRobot 20120503
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product OTL
Original name OTL.exe
Internal name OTL.exe
File version 3.2.42.2
Comments Public Release
Packers identified
F-PROT PECompact, PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 2
PE sections
PE imports
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_STRING 36
RT_BITMAP 21
RT_GROUP_CURSOR 9
RT_CURSOR 9
UNICODEDATA 6
RT_RCDATA 4
RT_MANIFEST 1
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 76
FRENCH 6
GERMAN 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
Public Release

InitializedDataSize
385536

ImageVersion
0.0

ProductName
OTL

FileVersionNumber
3.2.42.2

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

OriginalFileName
OTL.exe

MIMEType
application/octet-stream

FileVersion
3.2.42.2

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
OTL.exe

ProductVersion
3.0.0.0

SubsystemVersion
4.0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
OldTimer Tools

CodeSize
1999360

FileSubtype
0

ProductVersionNumber
3.2.42.2

EntryPoint
0x1000

ObjectFileType
Executable application

File identification
MD5 fdf885ff476835b873d728abfe987d92
SHA1 637b5989d6d712a9318ac86110e4f0c63d94f40d
SHA256 c087c7e0bc9b72f6148bee60a172b0f944ee61e3d3e77cafbd908595deec67fa
ssdeep
12288:VWNXO47lq1wNJ6AQ2NZ329WzoXdJpB29PX3OozodsQU:cs47gEMAF329ooXdJEesQU

authentihash 61d95b056e8ca1089e7a135630ce07eb7d92f5543d2001b6f4722edf6d55559a
imphash 09d0478591d4f788cb3e5ea416c25237
File size 581.5 KB ( 595456 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (v2.x) (50.1%)
Win32 EXE PECompact compressed (generic) (35.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
Win16/32 Executable Delphi generic (1.7%)
Tags
pecompact peexe

VirusTotal metadata
First submission 2012-04-29 15:34:03 UTC ( 5 years, 6 months ago )
Last submission 2016-01-11 06:04:35 UTC ( 1 year, 10 months ago )
File names file-3884273_exe
aa
FDF885FF476835B873D728ABFE987D92
nPb9JyNRo.tar
OTL.exe
c087c7e0bc9b72f6148bee60a172b0f944ee61e3d3e77cafbd908595deec67fa.vir
8jAhrgWWI.dotx
fdf885ff476835b873d728abfe987d92
otl.exe
F3712FC200E207A0166C0920666911003F2EDE28.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!