SHA256: c420639ac1079bef962d33daf42ace7fc80fcaf811e9b0fa487e6fdcafe55fdb
File name: Porgram-ridica-la-putere.exe
Detection ratio: 3 / 57
Analysis date: 2015-04-21 13:40:35 UTC (2 years, 8 months ago)
Antivirus Result Update
Cyren W32/Graftor.BR.gen!Eldorado 20150421
F-Prot W32/Graftor.BR.gen!Eldorado 20150421
NANO-Antivirus Trojan.Win32.DownLoader12.dplgpi 20150421
Ad-Aware 20150421
AegisLab 20150421
Yandex 20150420
AhnLab-V3 20150421
Alibaba 20150421
ALYac 20150421
Antiy-AVL 20150421
Avast 20150421
AVG 20150421
Avira (no cloud) 20150421
AVware 20150421
Baidu-International 20150421
BitDefender 20150421
Bkav 20150421
ByteHero 20150421
CAT-QuickHeal 20150421
ClamAV 20150421
CMC 20150421
Comodo 20150421
DrWeb 20150421
Emsisoft 20150421
ESET-NOD32 20150421
F-Secure 20150421
Fortinet 20150421
GData 20150421
Ikarus 20150421
Jiangmin 20150420
K7AntiVirus 20150421
K7GW 20150421
Kaspersky 20150421
Kingsoft 20150421
Malwarebytes 20150421
McAfee 20150421
McAfee-GW-Edition 20150421
Microsoft 20150421
eScan 20150421
Norman 20150421
nProtect 20150421
Panda 20150421
Qihoo-360 20150421
Rising 20150421
Sophos AV 20150421
SUPERAntiSpyware 20150421
Symantec 20150421
Tencent 20150421
TheHacker 20150421
TotalDefense 20150421
TrendMicro 20150421
TrendMicro-HouseCall 20150421
VBA32 20150420
VIPRE 20150421
ViRobot 20150421
Zillya 20150421
Zoner 20150420
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-03-27 14:44:26
Entry Point 0x00001280
Number of sections 16
PE sections
PE imports
GetLastError
EnterCriticalSection
ReleaseMutex
TryEnterCriticalSection
ResumeThread
SetEvent
VirtualProtect
ExitProcess
TlsAlloc
GetHandleInformation
DeleteCriticalSection
GetAtomNameA
SetThreadPriority
WaitForSingleObject
AddAtomA
TlsGetValue
MultiByteToWideChar
SetProcessAffinityMask
GetProcAddress
GetThreadContext
GetCurrentThread
SuspendThread
CreateMutexA
IsDBCSLeadByteEx
InterlockedExchangeAdd
CreateSemaphoreA
WideCharToMultiByte
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
ResetEvent
DuplicateHandle
WaitForMultipleObjects
GetThreadPriority
SetThreadContext
GetProcessAffinityMask
ReleaseSemaphore
InitializeCriticalSection
VirtualQuery
CreateEventA
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
LeaveCriticalSection
SetLastError
InterlockedIncrement
__p__fmode
malloc
getc
putwc
__p__environ
realloc
fread
fclose
wcsftime
ungetwc
system
atexit
abort
_setmode
getwc
fflush
fopen
strlen
_endthreadex
fsetpos
_cexit
fputc
iswctype
_errno
strtod
fwrite
fgetpos
strftime
_onexit
wcslen
fputs
exit
sprintf
putc
memcmp
strxfrm
_setjmp
towlower
printf
strchr
memset
longjmp
_fdopen
wcscoll
free
getenv
setlocale
signal
atoi
wcsxfrm
_fstati64
__getmainargs
calloc
_write
strcoll
memcpy
towupper
_lseeki64
memmove
setvbuf
_read
strerror
strcmp
_filelengthi64
_beginthreadex
memchr
__mb_cur_max
ungetc
fprintf
_getch
__set_app_type
vfprintf
localeconv
_ftime
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:03:27 15:44:26+01:00
FileType Win32 EXE
PEType PE32
CodeSize 466432
LinkerVersion 2.23
EntryPoint 0x1280
InitializedDataSize 508416
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 28160

File identification
MD5 9962705849a37581fde5ce50f12c7185
SHA1 cf42b94627849f555b24422735b1c19deef34e98
SHA256 c420639ac1079bef962d33daf42ace7fc80fcaf811e9b0fa487e6fdcafe55fdb
ssdeep 12288:tvyxPpid7wRcf1rS6UHXF1vUnxvIONSLpmlhjfc8AccX4c6j/WNPPPzc4IVY33iu:tv0wwRcpS6UHXwxvIOALA43IvcF0hM
authentihash 173cc62d2a85899d532ec20aeb0089c2635810197c697639cbc3e72aeffcb434
imphash d5ff7913709aa298a6ced5d554867d1f
File size 988.5 KB ( 1012182 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-04-21 13:40:35 UTC ( 2 years, 8 months ago )
Last submission 2015-04-21 13:40:35 UTC ( 2 years, 8 months ago )
File names Porgram-ridica-la-putere.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications