SHA256: c5616e25bac52935f135ecb5ed4efc3274594bd04023b474e2f0144680fcd361
File name: setup-4.5.0.exe
Detection ratio: 8 / 41
Analysis date: 2009-09-20 06:32:10 UTC (7 years, 9 months ago)
Antivirus Result Update
a-squared Trojan.Win32.Vapsup!IK 20090920
Fortinet W32/Vapsup.UMG!tr 20090919
Ikarus Trojan.Win32.Vapsup 20090920
McAfee+Artemis Artemis!A724A8FD21A7 20090919
Prevx High Risk Cloaked Malware 20090920
Sophos Mal/Generic-A 20090920
VBA32 Trojan.Win32.Vapsup.umg 20090920
VirusBuster Trojan.ATRAPS.BPM 20090919
AhnLab-V3 20090919
AntiVir 20090918
Antiy-AVL 20090918
Authentium 20090919
Avast 20090919
AVG 20090919
BitDefender 20090920
CAT-QuickHeal 20090919
ClamAV 20090919
Comodo 20090920
DrWeb 20090920
eSafe 20090917
eTrust-Vet 20090918
F-Prot 20090919
F-Secure 20090920
GData 20090920
Jiangmin 20090919
K7AntiVirus 20090919
Kaspersky 20090920
McAfee 20090919
McAfee-GW-Edition 20090918
Microsoft 20090919
NOD32 20090919
Norman 20090918
nProtect 20090920
Panda 20090919
PCTools 20090919
Rising 20090920
Sunbelt 20090919
Symantec 20090920
TheHacker 20090918
TrendMicro 20090918
ViRobot 20090918
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product ElfBot NG
File version
Description ElfBot NG Setup
Comments This installation was built with Inno Setup.
Packers identified
Command INNO, INNO, INNO
F-PROT INNO
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009A58
Number of sections 8
PE sections
Overlays
MD5 92b9a679eda25cafd7bcb2655835f770
File type data
Offset 53248
Size 2048108
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments This installation was built with Inno Setup.
InitializedDataSize 17408
ImageVersion 6.0
ProductName ElfBot NG
FileVersionNumber 0.0.0.0
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 2.25
FileTypeExtension exe
MIMEType application/octet-stream
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
FileDescription ElfBot NG Setup
OSVersion 1.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName NGSoft, LLC
CodeSize 37376
FileSubtype 0
ProductVersionNumber 0.0.0.0
EntryPoint 0x9a58
ObjectFileType Executable application
File identification
MD5 a724a8fd21a7e96e90bdb42539e571fc
SHA1 762edc6bd336e7d327a004d66d7b4473923ff795
SHA256 c5616e25bac52935f135ecb5ed4efc3274594bd04023b474e2f0144680fcd361
ssdeep 49152:v2l/Ix65SZBPprQFsEqOayF9PlrHrF5/FeflJyn85Ra3eAPVhaV:ulAlXP5QG9O5F9Pl3F5kflc85g3JPY

authentihash b873f4cf4efde0ae0535f23a2e873a60acce4e2f9f369bfd9377df01e5b2c4ae
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 2.0 MB ( 2101356 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (77.7%)
Win32 Executable Delphi generic (10.0%)
Win32 Dynamic Link Library (generic) (4.6%)
Win32 Executable (generic) (3.1%)
Win16/32 Executable Delphi generic (1.4%)
Tags
peexe overlay

VirusTotal metadata
First submission 2009-07-03 12:13:38 UTC ( 7 years, 12 months ago )
Last submission 2016-12-22 16:48:34 UTC ( 6 months, 1 week ago )
File names elfbot85.exe
smona130575183100406067266
ElfBot-4.5.0.exe
smona132011213992140873456
elfbot setup-4.5.0 [8.50].exe
filename
file-204749_exe
A724A8FD21A7E96E90BDB42539E571FC
file-3004325_exe
setup-4.5.0.exe
setup-4.5.0 8.50.exe
elfbot-4.5.0 (8.5).exe
smona_c5616e25bac52935f135ecb5ed4efc3274594bd04023b474e2f0144680fcd361.bin
setup-4.5.0(2).exe
setup-4.5.0 (1).exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight