× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cd5f1e79c4678da62f50da5a4631d141497851880d87d9af969fdfd64c9777e8
File name: antimalware.exe
Detection ratio: 6 / 46
Analysis date: 2013-08-20 20:31:45 UTC ( 4 years, 3 months ago ) View latest
Antivirus Result Update
Antiy-AVL Exploit/Win32.Serv-U 20130820
BitDefender Gen:Variant.Symmi.27508 20130820
Emsisoft Gen:Variant.Symmi.27508 (B) 20130820
F-Secure Gen:Variant.Symmi.27508 20130820
GData Gen:Variant.Symmi.27508 20130820
eScan Gen:Variant.Symmi.27508 20130820
Yandex 20130820
AhnLab-V3 20130820
AntiVir 20130820
Avast 20130820
AVG 20130820
ByteHero 20130817
CAT-QuickHeal 20130820
ClamAV 20130820
Commtouch 20130820
Comodo 20130820
DrWeb 20130820
ESET-NOD32 20130820
F-Prot 20130820
Fortinet 20130820
Ikarus 20130820
Jiangmin 20130820
K7AntiVirus 20130820
K7GW 20130820
Kaspersky 20130820
Kingsoft 20130723
Malwarebytes 20130820
McAfee 20130820
McAfee-GW-Edition 20130820
Microsoft 20130820
NANO-Antivirus 20130820
Norman 20130820
nProtect 20130820
Panda 20130820
PCTools 20130820
Rising 20130820
Sophos AV 20130820
SUPERAntiSpyware 20130820
Symantec 20130820
TheHacker 20130820
TotalDefense 20130820
TrendMicro 20130820
TrendMicro-HouseCall 20130820
VBA32 20130820
VIPRE 20130820
ViRobot 20130820
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT RAR, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-11 15:19:41
Entry Point 0x0001CCD8
Number of sections 4
PE sections
Overlays
MD5 d63fc2c1e6b19c8a324d467f8da74d93
File type application/x-rar
Offset 194560
Size 3939335
Entropy 8.00
PE imports
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
SetFileSecurityW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
InitCommonControlsEx
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetDeviceCaps
DeleteDC
SelectObject
StretchBlt
GetObjectW
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
WaitForSingleObject
GetFileAttributesW
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
GetTempPathW
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetOEMCP
InitializeCriticalSection
FindClose
InterlockedDecrement
MoveFileW
GetFullPathNameW
SetLastError
GetSystemTime
DeviceIoControl
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
SetThreadPriority
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
MoveFileExW
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
SystemTimeToFileTime
GetDateFormatW
SetEvent
DeleteFileW
GetProcAddress
CreateFileMappingW
CompareStringW
WriteFile
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
CreateDirectoryW
ResetEvent
FindFirstFileW
GetProcessAffinityMask
CreateEventW
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
GetShortPathNameW
UnmapViewOfFile
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetEnvironmentStringsW
IsDBCSLeadByte
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
RaiseException
ReleaseSemaphore
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
GetLongPathNameW
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
VirtualAlloc
CreateHardLinkW
VariantInit
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetFileInfoW
SHGetMalloc
SHAutoComplete
MapWindowPoints
SetFocus
GetParent
UpdateWindow
EndDialog
LoadBitmapW
SetWindowTextW
DefWindowProcW
IsWindow
GetWindowTextW
GetMessageW
ShowWindow
SetWindowPos
wvsprintfW
GetSystemMetrics
SetWindowLongW
MessageBoxW
SendMessageW
GetWindowRect
RegisterClassExW
CharUpperW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItemTextW
PostMessageW
GetSysColor
SetDlgItemTextW
GetDC
GetWindowLongW
ReleaseDC
DestroyIcon
TranslateMessage
IsWindowVisible
LoadStringW
GetClientRect
GetDlgItem
GetWindow
OemToCharBuffA
DispatchMessageW
PeekMessageW
GetClassNameW
CopyRect
WaitForInputIdle
LoadCursorW
LoadIconW
FindWindowExW
CreateWindowExW
EnableWindow
SetForegroundWindow
DestroyWindow
CreateStreamOnHGlobal
CoCreateInstance
CLSIDFromString
OleInitialize
OleUninitialize
Number of PE resources by type
RT_STRING 9
RT_DIALOG 6
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 22
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2013:05:11 16:19:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
150528

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
174592

SubsystemVersion
5.0

EntryPoint
0x1ccd8

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 926e2ec33e6ce1f920688a17e47ea1e1
SHA1 264d90cab94a9775b9ae75b81a5fc0a5658b39c5
SHA256 cd5f1e79c4678da62f50da5a4631d141497851880d87d9af969fdfd64c9777e8
ssdeep
98304:ItCLKqQhL+LkSlxSaLr0JlcmKX3ELR1e+88eLSVqv+MYMZHrX3nsCpxqq0GsCpjC:8qQhL+LkfIr0Jlc50LRz88eLSVO+PEHw

authentihash b645d5769e8b77bb48f3b1088141d07dd9538071806d6adcd3bf5bc32b227a7f
imphash 3eaa732d4dae53340f9646bdd85dac41
File size 3.9 MB ( 4133895 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe upx overlay

VirusTotal metadata
First submission 2013-08-20 20:31:45 UTC ( 4 years, 3 months ago )
Last submission 2013-08-20 20:31:45 UTC ( 4 years, 3 months ago )
File names antimalware.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs