× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: c5074dd77ffd6e0c6d5346ff4f57bce27154de7eefea8b422e9ede134c510de3
File name: fNF1.exe
Detection ratio: 2 / 47
Analysis date: 2013-07-22 21:23:28 UTC ( 5 years, 10 months ago ) View latest
Antivirus Result Update
DrWeb Trojan.Packed.24465 20130722
Symantec Suspicious.Cloud.5 20130722
Yandex 20130722
AhnLab-V3 20130722
AntiVir 20130722
Antiy-AVL 20130722
Avast 20130722
AVG 20130722
BitDefender 20130722
ByteHero 20130613
CAT-QuickHeal 20130722
ClamAV 20130722
Commtouch 20130722
Comodo 20130722
Emsisoft 20130722
eSafe 20130722
ESET-NOD32 20130722
F-Prot 20130722
F-Secure 20130722
Fortinet 20130722
GData 20130722
Ikarus 20130722
Jiangmin 20130722
K7AntiVirus 20130722
K7GW 20130722
Kaspersky 20130722
Kingsoft 20130718
Malwarebytes 20130722
McAfee 20130722
McAfee-GW-Edition 20130722
Microsoft 20130722
eScan 20130722
NANO-Antivirus 20130722
Norman 20130722
nProtect 20130722
Panda 20130722
PCTools 20130722
Rising 20130722
Sophos AV 20130722
SUPERAntiSpyware 20130722
TheHacker 20130722
TotalDefense 20130722
TrendMicro 20130722
TrendMicro-HouseCall 20130722
VBA32 20130722
VIPRE 20130722
ViRobot 20130722
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-06-16 11:22:34
Entry Point 0x000018D2
Number of sections 3
PE sections
PE imports
lstrcpyW
GetLongPathNameW
HeapCreate
WaitForSingleObject
FindResourceW
GetFileAttributesA
GetDiskFreeSpaceW
CreateDirectoryA
WriteFileEx
GetExitCodeProcess
InterlockedDecrement
ExitProcess
GetPrivateProfileIntA
GetPrivateProfileSectionA
lstrcmpA
Sleep
LoadLibraryA
InterlockedIncrement
SetEnvironmentVariableA
ApphelpCheckIME
SdbCreateMsiTransformFile
AllowPermLayer
ApphelpCheckExe
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_RCDATA 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:06:16 12:22:34+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
2560

LinkerVersion
5.12

FileTypeExtension
exe

InitializedDataSize
0

SubsystemVersion
5.1

EntryPoint
0x18d2

OSVersion
5.1

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 0e393efdb775cdda15e5033de41b70e8
SHA1 cb27bb79673f3c50d1990c9486064825aa8bc8af
SHA256 c5074dd77ffd6e0c6d5346ff4f57bce27154de7eefea8b422e9ede134c510de3
ssdeep
6144:Kqtg5lo484sPKw9pzoDrYEFFfR7VIpqUR4x00ImU4+MoJW2TZ2MY0LWqfUIUCxT7:Kqtg3XsPKw9pz0YEfp7VIpqURciy0LWY

authentihash d064941934dc64a58eceaf5b6447e9525de1260ead1febf6ded99967f162a24d
imphash 98d7b698433f81f80772d4c29a84223b
File size 304.0 KB ( 311296 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.2%)
Win32 Executable (generic) (26.2%)
Win16/32 Executable Delphi generic (12.0%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2013-07-22 21:23:28 UTC ( 5 years, 10 months ago )
Last submission 2017-12-06 18:49:11 UTC ( 1 year, 5 months ago )
File names fNF1.exe
aa
w0tkA.exe
9WerRrF.jpeg
0e393efdb775cdda15e5033de41b70e8
malekal_0e393efdb775cdda15e5033de41b70e8
13859654
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs