× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c4b880d069be6107bde5b90ad3f781f7af7a562e311c4910b700af12d79f4d8a
File name: win.exe
Detection ratio: 1 / 41
Analysis date: 2012-02-14 10:49:21 UTC ( 6 years, 11 months ago )
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20120214
AhnLab-V3 20120213
AntiVir 20120214
Antiy-AVL 20120213
Avast 20120214
AVG 20120213
BitDefender 20120214
ByteHero 20120211
ClamAV 20120214
Commtouch 20120214
Comodo 20120214
DrWeb 20120214
Emsisoft 20120214
eTrust-Vet 20120214
F-Prot 20120213
F-Secure 20120214
Fortinet 20120214
GData 20120214
Ikarus 20120214
Jiangmin 20120214
K7AntiVirus 20120213
Kaspersky 20120214
McAfee 20120214
McAfee-GW-Edition 20120213
Microsoft 20120214
NOD32 20120214
Norman 20120213
nProtect 20120214
Panda 20120213
PCTools 20120207
Prevx 20120214
Rising 20120214
Sophos AV 20120214
SUPERAntiSpyware 20120206
Symantec 20120214
TheHacker 20120213
TrendMicro 20120214
TrendMicro-HouseCall 20120214
VIPRE 20120214
ViRobot 20120214
VirusBuster 20120213
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Number of sections 18
PE sections
PE imports
DeleteCriticalSection, EnterCriticalSection, FreeLibrary, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetLastError, GetModuleHandleA, GetProcAddress, GetStartupInfoA, GetSystemTimeAsFileTime, GetTickCount, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, LoadLibraryW, MultiByteToWideChar, QueryPerformanceCounter, SetUnhandledExceptionFilter, Sleep, TerminateProcess, TlsGetValue, UnhandledExceptionFilter, VirtualProtect, VirtualQuery, WideCharToMultiByte
__dllonexit, __getmainargs, __initenv, __lconv_init, __mb_cur_max, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _errno, _fmode, _initterm, _iob, _lock, _onexit, _unlock, _winmajor, abort, atoi, calloc, exit, fputc, free, getenv, localeconv, malloc, memcpy, printf, puts, setlocale, signal, strchr, strerror, strlen, strncmp, wcslen
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

TimeStamp
2012:02:08 03:14:48+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
27136

LinkerVersion
2.2

EntryPoint
0x14e0

InitializedDataSize
35840

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
3584

File identification
MD5 ed2522e399b071b969a21f688ae447e5
SHA1 e76fb7c6940f55629342c27ee3c60055a11bad4c
SHA256 c4b880d069be6107bde5b90ad3f781f7af7a562e311c4910b700af12d79f4d8a
ssdeep
3072:qbPOGPao/fdFT5BhSOIfa9z8oYG/h4vED8cqi:qbGkjtndfSo58M

File size 213.4 KB ( 218523 bytes )
File type Win32 EXE
Magic literal
MS-DOS executable PE for MS Windows (console) Intel 80386 32-bit

TrID Win32 Executable Generic (67.8%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
VXD Driver (0.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2012-02-14 10:49:21 UTC ( 6 years, 11 months ago )
Last submission 2012-02-14 10:49:21 UTC ( 6 years, 11 months ago )
File names win.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!