SHA256: c1c4784f25eeffdcee3179f0ee3c34f10219738defab8484f42c63d22d0be521
File name: Bhonyaku2.exe
Detection ratio: 0 / 42
Analysis date: 2012-05-30 10:14:06 UTC ( 6 years, 7 months ago )
Antivirus Result Update
AhnLab-V3 20120529
AntiVir 20120530
Antiy-AVL 20120530
Avast 20120530
AVG 20120530
BitDefender 20120530
ByteHero 20120530
CAT-QuickHeal 20120529
ClamAV 20120530
Commtouch 20120530
Comodo 20120530
DrWeb 20120530
Emsisoft 20120530
eSafe 20120529
F-Prot 20120530
F-Secure 20120530
Fortinet 20120530
GData 20120530
Ikarus 20120530
Jiangmin 20120530
K7AntiVirus 20120529
Kaspersky 20120530
McAfee 20120530
McAfee-GW-Edition 20120529
Microsoft 20120530
NOD32 20120530
Norman 20120530
nProtect 20120530
Panda 20120529
PCTools 20120530
Rising 20120530
Sophos AV 20120530
SUPERAntiSpyware 20120530
Symantec 20120530
TheHacker 20120529
TotalDefense 20120530
TrendMicro 20120530
TrendMicro-HouseCall 20120529
VBA32 20120530
VIPRE 20120530
ViRobot 20120530
VirusBuster 20120529
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
??????

Product B??2
File version 1.0.0.0
Description ??????????????
Packers identified
F-PROT UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-30 08:53:46
Entry Point 0x001AD3B0
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegSaveKeyW
ImageList_Add
GetSaveFileNameW
AlphaBlend
IsEqualGUID
VariantCopy
DragFinish
VerQueryValueW
OpenPrinterW
Number of PE resources by type
RT_STRING 25
RT_BITMAP 11
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 5
RT_ICON 5
RT_DIALOG 2
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 34
NEUTRAL 31
PE resources
ExifTool file metadata
UninitializedDataSize
1241088

InitializedDataSize
32768

ImageVersion
0.0

ProductName
B 2

FileVersionNumber
1.0.4534.64426

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
2.25

MIMEType
application/octet-stream

FileVersion
1.0.0.0

TimeStamp
2012:05:30 09:53:46+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2014:02:05 12:58:53+01:00

ProductVersion
1.0.0

SubsystemVersion
5.0

OSVersion
5.0

FileCreateDate
2014:02:05 12:58:53+01:00

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
516096

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x1ad3b0

ObjectFileType
Executable application

File identification
MD5 9d363ab54c87b2d76608df64836abedb
SHA1 bbc4153b3edcefdf5cb1fdb8ed20ae88dbec8481
SHA256 c1c4784f25eeffdcee3179f0ee3c34f10219738defab8484f42c63d22d0be521
ssdeep
12288:6HjVQqggY3nX7ZB/wyvEphCLa/yx0gwU5QzMPQj3wqDSJsiGe:6HpTggsnX7ZB/wmEpka/yx0XeQYoj3B

imphash 914e6c616f39ff2242fdadb705bafb43
File size 531.0 KB ( 543744 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (41.1%)
Win32 EXE Yoda's Crypter (35.7%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Win16/32 Executable Delphi generic (2.7%)
Tags
peexe upx

VirusTotal metadata
First submission 2012-05-30 10:14:06 UTC ( 6 years, 7 months ago )
Last submission 2014-02-05 11:58:48 UTC ( 4 years, 11 months ago )
File names Bhonyaku2.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight