SHA256: cf13eb4ac87538965327cd8728a3c70303b30478e9fb47182996ac7569ec9c89
File name: 71370
Detection ratio: 3 / 56
Analysis date: 2016-01-15 17:34:16 UTC ( 3 years, 4 months ago )
Antivirus             Result                  Update
DrWeb                 Trojan.MulDrop5.14689   20160115
K7AntiVirus           Riskware ( 0040eff71 )  20160115
K7GW                  Riskware ( 0040eff71 )  20160115
Ad-Aware              -                       20160115
AegisLab              -                       20160115
Yandex                -                       20160114
AhnLab-V3             -                       20160115
Alibaba               -                       20160115
ALYac                 -                       20160115
Antiy-AVL             -                       20160115
Arcabit               -                       20160115
Avast                 -                       20160115
AVG                   -                       20160115
Avira (no cloud)      -                       20160115
AVware                -                       20160111
Baidu-International   -                       20160115
BitDefender           -                       20160115
Bkav                  -                       20160115
ByteHero              -                       20160115
CAT-QuickHeal         -                       20160115
ClamAV                -                       20160115
CMC                   -                       20160111
Comodo                -                       20160115
Cyren                 -                       20160115
Emsisoft              -                       20160115
ESET-NOD32            -                       20160115
F-Prot                -                       20160115
F-Secure              -                       20160115
Fortinet              -                       20160115
GData                 -                       20160115
Ikarus                -                       20160115
Jiangmin              -                       20160115
Kaspersky             -                       20160115
Malwarebytes          -                       20160115
McAfee                -                       20160115
McAfee-GW-Edition     -                       20160115
Microsoft             -                       20160115
eScan                 -                       20160115
NANO-Antivirus        -                       20160115
nProtect              -                       20160115
Panda                 -                       20160115
Qihoo-360             -                       20160115
Rising                -                       20160115
Sophos AV             -                       20160115
SUPERAntiSpyware      -                       20160115
Symantec              -                       20160115
Tencent               -                       20160115
TheHacker             -                       20160114
TotalDefense          -                       20160115
TrendMicro            -                       20160117
TrendMicro-HouseCall  -                       20160115
VBA32                 -                       20160115
VIPRE                 -                       20160115
ViRobot               -                       20160115
Zillya                -                       20160114
Zoner                 -                       20160115
( "-" = no detection; 3 of 56 engines flagged the file )
The file being studied is a Portable Executable (PE) file; more specifically, a Win32 EXE for the Windows GUI subsystem.
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-03-08 18:20:03
Entry Point 0x00006293
Number of sections 4
Overlays
MD5 1879351795975d08acd95ad252489449
File type data
Offset 143360 (bytes)
Size 5380117 (bytes)
Entropy 7.97 (bits per byte, maximum 8.0)
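The overlay figures above deserve a hand check: the overlay begins at byte 143360 and is 5380117 bytes long, and 143360 + 5380117 = 5523477, exactly the reported file size, so everything after the last PE section is overlay. An entropy of 7.97 out of a possible 8.0, together with the F-PROT "ZIP" packer identification, is consistent with compressed archive data appended to a small loader, which is what a self-extracting installer or dropper looks like on disk. The following Python is an added example and is not part of the VirusTotal report or of the sample: it builds a constructed one-section PE32 whose header fields mirror the report (i386, linker 8.0, GUI subsystem, the 2007-03-08 18:20:03 timestamp, Characteristics "No relocs, Executable, 32-bit"), appends a ZIP-like high-entropy overlay, then parses the section table to locate the overlay (end of the largest PointerToRawData + SizeOfRawData) and computes its Shannon entropy. The section layout and overlay bytes are invented for the fixture.

```python
import math
import random
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (subset).
CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",      # shown as "No relocs" on the report
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe(overlay_len=4096, seed=7):
    """Constructed fixture: a one-section PE32 with header values taken from the
    report, followed by an invented ZIP-like overlay of pseudo-random bytes."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew
    file_hdr = struct.pack("<HHIIIHH",
                           0x014C,                     # IMAGE_FILE_MACHINE_I386
                           1,                          # NumberOfSections
                           1173378003,                 # 2007-03-08 18:20:03 UTC
                           0, 0,                       # no COFF symbol table
                           224,                        # SizeOfOptionalHeader (PE32)
                           0x0103)                     # no relocs | executable | 32-bit
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)      # PE32 magic, linker 8.0
    struct.pack_into("<I", opt, 16, 0x1000)            # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                 # Subsystem: Windows GUI
    section = struct.pack("<8sIIIIIIHHI", b".text",
                          0x200, 0x1000,               # VirtualSize, VirtualAddress
                          0x200, 0x200,                # SizeOfRawData, PointerToRawData
                          0, 0, 0, 0, 0x60000020)      # relocs/lines, CODE|EXEC|READ
    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + section).ljust(0x200, b"\0")
    text = b"\xC3" * 0x200                             # section body (a 'ret' sled)
    rng = random.Random(seed)
    payload = bytes(rng.getrandbits(8) for _ in range(overlay_len - 4))
    return headers + text + b"PK\x03\x04" + payload    # overlay starts with ZIP magic


def parse_pe(data):
    """Parse the fields VirusTotal summarises under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    fh = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, flags = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    entry, = struct.unpack_from("<I", data, opt + 16)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    sections = []
    for i in range(nsec):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode(),
                         "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "characteristics": [n for bit, n in CHARACTERISTICS.items() if flags & bit],
        "pe32": magic == 0x10B,
        "linker": f"{lnk_major}.{lnk_minor}",
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "sections": sections,
    }


def shannon_entropy(buf):
    """Shannon entropy in bits per byte; 8.0 is the ceiling (random or compressed data)."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze_overlay(data):
    """Everything after the last byte of raw section data is the overlay."""
    info = parse_pe(data)
    end = max(s["raw_ptr"] + s["raw_size"] for s in info["sections"])
    overlay = data[end:]
    return {"offset": end, "size": len(overlay),
            "entropy": round(shannon_entropy(overlay), 2),
            "zip_magic": overlay.startswith(b"PK\x03\x04")}


if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe(sample))
    print(analyze_overlay(sample))
```

Against a real file, replace build_sample_pe() with open(path, "rb").read(); on the sample from this report the offset returned by analyze_overlay() should be 143360 and the size 5380117. A high-entropy overlay that starts with "PK\x03\x04" can be carved from that offset and opened as a ZIP directly, which is usually the quickest way to see what such a loader unpacks.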
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
WaitForSingleObject
GetOEMCP
LCMapStringA
IsDebuggerPresent
HeapAlloc
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetACP
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
GetConsoleOutputCP
WriteConsoleW
CreateDirectoryA
GetWindowsDirectoryA
UnhandledExceptionFilter
TlsGetValue
MultiByteToWideChar
HeapSize
GetTickCount
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetStringTypeA
GetProcessHeap
GetConsoleCP
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
ReadFile
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetSystemTimeAsFileTime
GetSystemDirectoryA
HeapReAlloc
GetStringTypeW
HeapDestroy
TerminateProcess
CreateProcessA
QueryPerformanceCounter
WriteConsoleA
InitializeCriticalSection
HeapCreate
VirtualFree
InterlockedDecrement
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
ExitProcess
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
ShellExecuteA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
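The imphash listed further down under File identification is derived from exactly this import table: each import is normalised to a "dll.function" token (DLL name lower-cased with a .dll/.ocx/.sys extension removed, function name lower-cased, imports by ordinal mapped to a name where a table knows it and otherwise written as ordN), the tokens are joined with commas in import-table order, and the string is MD5-hashed. The Python below is an added implementation of that normalisation, not code from VirusTotal or from the sample; the DLL assignment of the functions above (Reg* to advapi32, ShellExecuteA to shell32, GetFileVersionInfo*/VerQueryValueA to version, the rest to kernel32) is my own, and the ordinal table is a short excerpt. Because the hash depends on import order, the report's value cannot be reproduced from the unordered list on this page, and two builds with the same imports in a different order get different imphashes.

```python
import hashlib

# Abbreviated ordinal-to-name table for imports resolved by ordinal.
# Only a few ws2_32 entries are listed; a full implementation carries the
# complete ws2_32 and oleaut32 tables.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               16: "recv", 19: "send", 23: "socket", 115: "WSAStartup"},
}


def normalize_import(dll, func):
    """Return the 'dll.function' token that imphash uses for one import."""
    dll = dll.lower()
    base, dot, ext = dll.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        dll = base
    if isinstance(func, int):                          # import by ordinal
        func = ORDINAL_NAMES.get(dll, {}).get(func, f"ord{func}")
    return f"{dll}.{func.lower()}"


def normalized_import_string(imports):
    """Comma-joined tokens in import-table order; this is what gets hashed."""
    return ",".join(normalize_import(dll, func) for dll, func in imports)


def imphash(imports):
    return hashlib.md5(normalized_import_string(imports).encode()).hexdigest()


# Constructed import list using function names shown in this report. The DLL
# for each entry is an assumption; the report lists function names only.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegOpenKeyExA"), ("ADVAPI32.dll", "RegSetValueExA"),
    ("ADVAPI32.dll", "RegQueryValueExA"), ("ADVAPI32.dll", "RegCloseKey"),
    ("ADVAPI32.dll", "RegCreateKeyExA"),
    ("KERNEL32.dll", "IsDebuggerPresent"), ("KERNEL32.dll", "CreateProcessA"),
    ("KERNEL32.dll", "CreateFileA"), ("KERNEL32.dll", "WriteFile"),
    ("KERNEL32.dll", "GetWindowsDirectoryA"), ("KERNEL32.dll", "GetSystemDirectoryA"),
    ("SHELL32.dll", "ShellExecuteA"),
    ("VERSION.dll", "GetFileVersionInfoSizeA"), ("VERSION.dll", "GetFileVersionInfoA"),
    ("VERSION.dll", "VerQueryValueA"),
]

if __name__ == "__main__":
    print(normalized_import_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

When pivoting on an imphash, keep in mind what the normalisation implies: the hash is blind to DLL name case and extension but sensitive to order, so a recompiled variant that adds or reorders a single import breaks the match while a repacked copy of the same binary keeps it.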
Number of PE resources by type
RT_ICON 11
RT_GROUP_ICON 2
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 9
RUSSIAN 4
ENGLISH US 1
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2007:03:08 18:20:03+00:00
FileType Win32 EXE
PEType PE32
CodeSize 77824
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 61440
ImageFileCharacteristics No relocs, Executable, 32-bit
EntryPoint 0x6293
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
File identification
MD5 3616a582d3c1e92d10bd0ce8abae01e1
SHA1 23f61188aa74f2389862dd067ee5790467553662
SHA256 cf13eb4ac87538965327cd8728a3c70303b30478e9fb47182996ac7569ec9c89
ssdeep 98304:aLFHqLXdgTt2q0EQWoG5Bhxk2ns9ora9rbthJgy1ogWclNVA:SWgBSEQ9MrK2nQorSBhzv7VA
authentihash a276ada75e16ad5c5744d19577068fa8431c13fc9798b18748ad2606f1e9d64e
imphash bbaa6df883da7768c895ff451a9e3564
File size 5.3 MB ( 5523477 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay

VirusTotal metadata
First submission 2011-12-15 16:29:01 UTC ( 7 years, 5 months ago )
Last submission 2018-05-24 02:17:18 UTC ( 1 year ago )
File names VirusShare_3616a582d3c1e92d10bd0ce8abae01e1
screensaver_fireplace.exe
CF13EB4AC87538965327CD8728A3C70303B30478E9FB47182996AC7569EC9C89.exe
CF13EB4AC87538965327CD8728A3C70303B30478E9FB47182996AC7569EC9C89
SSsE.docm
71370
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight