SHA256: ce476271fd02d6d7464f1d4401295dec224fb74d253260ed338031a585dbb0dd
File name: lordshades.exe
Detection ratio: 0 / 54
Analysis date: 2016-03-04 02:17:39 UTC (2 years, 7 months ago)
Antivirus Result Update
Ad-Aware 20160303
AegisLab 20160303
Yandex 20160303
AhnLab-V3 20160303
ALYac 20160303
Antiy-AVL 20160303
Arcabit 20160304
Avast 20160304
AVG 20160304
Avira (no cloud) 20160304
AVware 20160304
Baidu-International 20160303
BitDefender 20160304
Bkav 20160303
ByteHero 20160304
CAT-QuickHeal 20160303
ClamAV 20160303
CMC 20160303
Comodo 20160304
Cyren 20160304
DrWeb 20160304
Emsisoft 20160229
ESET-NOD32 20160304
F-Prot 20160304
F-Secure 20160304
Fortinet 20160303
GData 20160304
Ikarus 20160303
Jiangmin 20160304
K7AntiVirus 20160303
K7GW 20160304
Kaspersky 20160304
Malwarebytes 20160303
McAfee 20160304
McAfee-GW-Edition 20160304
Microsoft 20160304
eScan 20160304
NANO-Antivirus 20160304
nProtect 20160303
Panda 20160303
Qihoo-360 20160304
Rising 20160302
Sophos AV 20160303
SUPERAntiSpyware 20160304
Symantec 20160303
Tencent 20160304
TheHacker 20160302
TrendMicro 20160304
TrendMicro-HouseCall 20160304
VBA32 20160303
VIPRE 20160304
ViRobot 20160303
Zillya 20160303
Zoner 20160303
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT INNO, appended, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x0000BD08
Number of sections 8
PE sections
Overlays
MD5 cb71b16f38ce10f0e98700880394bb9a
File type data
Offset 59904
Size 2000097
Entropy 8.00
PE imports
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
FileTimeToDosDateTime
GetFileAttributesA
ExitProcess
GetVersionExA
GetModuleFileNameA
RtlUnwind
DeleteCriticalSection
FileTimeToLocalFileTime
GetLocaleInfoA
LocalAlloc
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
GetFullPathNameA
LocalFree
CreateProcessA
InitializeCriticalSection
VirtualFree
FindClose
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
GetFileSize
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
LoadStringA
DispatchMessageA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
Number of PE resources by type
RT_STRING 6
RT_ICON 2
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 46080
LinkerVersion 2.25
EntryPoint 0xbd08
InitializedDataSize 14848
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 75ac260aec56bf4fc9b20c380a66366d
SHA1 711183477319e7d387cf0812e7ec462e62077e36
SHA256 ce476271fd02d6d7464f1d4401295dec224fb74d253260ed338031a585dbb0dd
ssdeep 49152:XcXOFAT5AEQSzSqH4OI7GTONsJnHNUcUr:XwOI5AEQhDdisUHmcM
authentihash dcaaf2adc7f68c341266f25ce2763fb693f59182dda6df4ef75b6ac24edce823
imphash c8524b988a6eed67d46af1d01d295cd7
File size 2.0 MB (2060001 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (82.8%)
Win32 Executable Delphi generic (10.7%)
Win32 Executable (generic) (3.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Tags peexe upx overlay
VirusTotal metadata
First submission 2009-12-19 08:17:44 UTC (8 years, 10 months ago)
Last submission 2016-03-04 02:17:39 UTC (2 years, 7 months ago)
File names lordshades.exe
1283561402-lordshades.exe
lordshades.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight