SHA256: c21a71ff7ad0436ce76a20e02e5a616f3ef7849261f37d809214618df87d13b6
File name: firework.mp3.exe
Detection ratio: 40 / 44
Analysis date: 2012-10-10 09:12:21 UTC ( 5 years, 3 months ago )
Antivirus Result Update
Yandex Trojan.Inject.Gen.10 20121009
AhnLab-V3 Trojan/Win32.Delf 20121010
AntiVir TR/Drop.Sirefef.BC 20121010
Avast Win32:MalOb-FQ [Cryp] 20121009
AVG Agent_r.APV 20121009
BitDefender Trojan.Generic.6709978 20121010
ClamAV Trojan.Sirefef-6 20121009
Commtouch W32/Trojan2.NRDJ 20121009
Comodo TrojWare.Win32.Kryptik.CV 20121009
DrWeb BackDoor.Maxplus.5097 20121010
Emsisoft Trojan-Dropper.SuspectCRC!IK 20120919
ESET-NOD32 Win32/Inject.NES 20121010
F-Prot W32/Trojan2.NRDJ 20121009
F-Secure Trojan:W32/ZeroAccess.A 20121003
Fortinet W32/Kryptik.BMP!tr 20121010
GData Trojan.Generic.6709978 20121010
Ikarus Trojan-Dropper.SuspectCRC 20121010
Jiangmin Trojan/Generic.tacd 20121009
K7AntiVirus Trojan 20121009
Kaspersky Trojan.Win32.SuperThreat.k 20121010
Kingsoft Win32.Troj.Generic.(kcloud) 20121008
McAfee ZeroAccess 20121010
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-BAY.K 20121009
Microsoft TrojanDropper:Win32/Sirefef.B 20121010
eScan Trojan.Generic.6709978 20121010
Norman W32/Sirefef.CM 20121009
nProtect Trojan/W32.Agent.93696.IV 20121009
Panda Generic Trojan 20121010
PCTools Trojan.Zeroaccess 20121010
Rising Trojan.Win32.Generic.1288817B 20121009
Sophos AV Troj/Sirefef-AE 20121010
SUPERAntiSpyware Trojan.Agent/Gen-Faldesc 20121009
Symantec Trojan.Zeroaccess 20121010
TheHacker Trojan/Inject.nes 20121009
TotalDefense Win32/FakeAV.TWX 20121009
TrendMicro TROJ_ZACCESS.SMO 20121010
TrendMicro-HouseCall TROJ_ZACCESS.SMO 20121010
VBA32 Backdoor.Maxplus.1614 20121009
VIPRE Trojan.Win32.Sirefef.g (v) 20121010
ViRobot Trojan.Win32.Agent.93696.N 20121009
Antiy-AVL 20121009
ByteHero 20121009
CAT-QuickHeal 20121010
eSafe 20121009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2011
Product Firework
Original name Firework.mp3
Internal name Firework
File version 1, 0, 0, 1
Description Katy Pery
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-04-25 16:55:17
Entry Point 0x000012A9
Number of sections 4
PE sections
PE imports
CreateFontIndirectW
GetBkMode
SaveDC
GetPixel
GetDeviceCaps
ExcludeClipRect
LineTo
DeleteDC
SetBkMode
SetPixel
DeleteObject
BitBlt
SetTextColor
MoveToEx
GetStockObject
GetDIBits
GdiFlush
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
GetTextColor
CreateSolidBrush
GetTextExtentPoint32W
Ellipse
GetLastError
GetStdHandle
LCMapStringW
GetSystemInfo
GlobalFree
LCMapStringA
ExitProcess
VirtualProtect
GetModuleFileNameA
VirtualQuery
CreateRemoteThread
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
RaiseException
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetStringTypeW
TerminateProcess
GlobalAlloc
GetEnvironmentStringsW
GetTickCount
GetCurrentThreadId
VirtualAlloc
DrawMenuBar
GetForegroundWindow
GetParent
UpdateWindow
IntersectRect
EndDialog
LoadBitmapW
OffsetRect
DefWindowProcW
MoveWindow
CheckRadioButton
ShowWindow
GetSystemMetrics
EnableMenuItem
MessageBoxW
GetMenu
GetWindowRect
FrameRect
SetCapture
ReleaseCapture
DialogBoxParamW
MessageBoxA
GetDlgItemTextW
PostMessageW
SetDlgItemTextW
GetDC
ReleaseDC
SendMessageW
LoadStringA
IsZoomed
GetWindowPlacement
LoadStringW
GetClientRect
GetDlgItem
WinHelpW
DrawTextW
UnionRect
IsIconic
InvertRect
SetRect
InvalidateRect
GetSubMenu
SetTimer
FillRect
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
PeekMessageW
PtInRect
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipGetImageHeight
GdiplusStartup
GdipGetImageWidth
GdipCreateBitmapFromStream
ZwOpenProcess
RtlImageNtHeader
RtlEqualUnicodeString
RtlUnwind
ZwClose
ZwQuerySystemInformation
LdrFindResource_U
LdrAccessResource
ZwCreateSection
RtlAdjustPrivilege
ZwQueryInformationProcess
ZwMapViewOfSection
memcpy
ZwUnmapViewOfSection
CreateStreamOnHGlobal
Number of PE resources by type
RT_ICON 4
RT_RCDATA 2
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 8
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 9.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.1
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0017
CharacterSet Unicode
InitializedDataSize 90624
OriginalFilename Firework.mp3
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2011
FileVersion 1, 0, 0, 1
TimeStamp 2011:04:25 18:55:17+02:00
FileType Win32 EXE
PEType PE32
InternalName Firework
ProductVersion 1, 0, 0, 1
FileDescription Katy Pery
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 2048
ProductName Firework
ProductVersionNumber 1.0.0.1
EntryPoint 0x12a9
ObjectFileType Unknown
File identification
MD5 681f4d96ea0aacd199cabc09d1c02c65
SHA1 2cb17db1895d6b171e091945ea981fc7b81d6289
SHA256 c21a71ff7ad0436ce76a20e02e5a616f3ef7849261f37d809214618df87d13b6
ssdeep 1536:EGwtRxOBJyypgmDjVwCfIAIYfGJmIMWtEMfgjtEF/:NwtRonyypexoiNtxYG/
File size 91.5 KB ( 93696 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
Tags peexe
VirusTotal metadata
First submission 2012-06-01 13:52:38 UTC ( 5 years, 7 months ago )
Last submission 2012-10-10 09:12:21 UTC ( 5 years, 3 months ago )
File names Firework
file-4038591_exe
firework.mp3.exe
Firework.mp3