SHA256: cab7a2bd4fb3249107c4676344ca959424c3d3f59aed308bb3e2c1c34e0d6c43
File name: 2.exe
Detection ratio: 15 / 61
Analysis date: 2017-03-27 05:42:37 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Poweliks.7 20170327
ALYac Gen:Variant.Poweliks.7 20170327
Arcabit Trojan.Poweliks.7 20170327
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9643 20170327
BitDefender Gen:Variant.Poweliks.7 20170327
CrowdStrike Falcon (ML) malicious_confidence_95% (D) 20170130
Emsisoft Gen:Variant.Poweliks.7 (B) 20170327
Endgame malicious (high confidence) 20170317
F-Secure Gen:Variant.Poweliks.7 20170327
GData Gen:Variant.Poweliks.7 20170327
Sophos ML generic.a 20170203
eScan Gen:Variant.Poweliks.7 20170327
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20170327
Sophos AV Mal/Kovter-Z 20170327
Symantec ML.Attribute.HighConfidence 20170326
AegisLab 20170327
AhnLab-V3 20170326
Alibaba 20170327
Antiy-AVL 20170327
Avast 20170327
AVG 20170327
Avira (no cloud) 20170326
AVware 20170327
Bkav 20170326
CAT-QuickHeal 20170327
ClamAV 20170327
CMC 20170326
Comodo 20170325
Cyren 20170327
DrWeb 20170327
ESET-NOD32 20170326
F-Prot 20170327
Fortinet 20170327
Ikarus 20170326
Jiangmin 20170327
K7AntiVirus 20170327
K7GW 20170327
Kingsoft 20170327
Malwarebytes 20170327
McAfee 20170327
McAfee-GW-Edition 20170327
Microsoft 20170327
NANO-Antivirus 20170327
nProtect 20170327
Palo Alto Networks (Known Signatures) 20170327
Panda 20170326
Rising 20170327
SentinelOne (Static ML) 20170315
SUPERAntiSpyware 20170327
Symantec Mobile Insight 20170326
Tencent 20170327
TheHacker 20170327
TotalDefense 20170327
TrendMicro 20170327
TrendMicro-HouseCall 20170327
Trustlook 20170327
VBA32 20170324
VIPRE 20170327
ViRobot 20170327
Webroot 20170327
WhiteArmor 20170315
Yandex 20170323
Zillya 20170323
ZoneAlarm by Check Point 20170327
Zoner 20170327
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (C) 2005-2013 Nullsoft

Product Error Reporter
Original name Errord.exe
Internal name ReporterError
File version 1,11,0,0
Description Error Reporter
Comments Winamp Program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-07-26 06:57:22
Entry Point 0x0000352A
Number of sections 8
PE sections
Overlays
MD5 713045c1b14a96634d498254aac4a4cb
File type data
Offset 369664
Size 875
Entropy 7.73
PE imports
RegEnumKeyA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
ImageList_Read
Ord(17)
GetDeviceCaps
GetNearestColor
GetMiterLimit
CreateBrushIndirect
GetLastError
ReadFile
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
GetTickCount
CreateDirectoryA
GlobalUnlock
LoadLibraryA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
SetFileTime
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
GetCommandLineA
GetProcAddress
SetFilePointer
GetTempPathA
CreateThread
GetModuleHandleA
FindFirstFileA
WriteFile
CloseHandle
GetTempFileNameA
FindNextFileA
GetModuleFileNameA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetVersion
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
CharPrevA
GetMessagePos
DrawTextA
EndDialog
BeginPaint
ShowWindow
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
CloseClipboard
GetSystemMetrics
IsWindow
AppendMenuA
PostQuitMessage
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
MessageBoxIndirectA
GetDlgItemTextA
ScreenToClient
PeekMessageA
SetWindowLongA
DialogBoxParamA
GetSysColor
CheckDlgButton
GetDC
SystemParametersInfoA
GetClassInfoA
SetClipboardData
SendMessageTimeoutA
IsWindowVisible
SendMessageA
IsWindowEnabled
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
RegisterClassA
InvalidateRect
wsprintfA
FindWindowExA
CreateWindowExA
LoadCursorA
TrackPopupMenu
CreatePopupMenu
FillRect
CharNextA
LoadImageA
GetSystemMenu
EmptyClipboard
EndPaint
SetForegroundWindow
OpenClipboard
ExitWindowsEx
SetCursor
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH CAN 2
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
SpecialBuild
5.6.6, Build 3517

SubsystemVersion
4.0

Comments
Winamp Program

LinkerVersion
2.23

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
1.11.0.0

LanguageCode
English (Canadian)

FileFlagsMask
0x0017

FileDescription
Error Reporter

CharacterSet
Windows, Latin1

InitializedDataSize
381440

PrivateBuild
Release | Win32

EntryPoint
0x352a

OriginalFileName
Errord.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright (C) 2005-2013 Nullsoft

FileVersion
1,11,0,0

TimeStamp
2011:07:26 07:57:22+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ReporterError

ProductVersion
5.6.6.3517

UninitializedDataSize
252928

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

BuildNumber
3517

CompanyName
Nullsoft Inc.

CodeSize
73728

ProductName
Error Reporter

ProductVersionNumber
5.6.6.3516

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 d0079616479ad0b1471737165f08e006
SHA1 d481ee294d861689ed237f31e5ca2a21c1b5b67f
SHA256 cab7a2bd4fb3249107c4676344ca959424c3d3f59aed308bb3e2c1c34e0d6c43
ssdeep
6144:jLGu8jVSHS7PWFHbMDjaS4v3yIsWQsE2TOuA/vxoXDuiHij0URYNrTnjYA:/GTjVvDWR+jRAiIsW1yzvCXDuuGxYNrx

authentihash a4791fc3eff08cb61536897f833ce84d4483c76901a3f382fc5036ddc35e47c3
imphash 05470b729e7832eb61d3d86f1c9d3adc
File size 361.9 KB ( 370539 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe overlay

VirusTotal metadata
First submission 2017-03-27 05:42:37 UTC ( 2 years ago )
Last submission 2017-03-27 05:42:37 UTC ( 2 years ago )
File names Errord.exe
2.exe
ReporterError
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Terminated processes
Opened mutexes
Runtime DLLs
UDP communications