SHA256: d0cd80cb28f52cab3ec61bf89f98f4601a27074d98c4828736898a287acacb74
File name: ini.exe
Detection ratio: 5 / 40
Analysis date: 2013-01-14 19:49:23 UTC ( 6 years, 2 months ago )
| Antivirus | Result | Update |
|---|---|---|
| Avast | Win32:Trojan-gen | 20130114 |
| ESET-NOD32 | a variant of Win32/Injector.OSL | 20130114 |
| GData | Win32:Trojan-gen | 20130114 |
| McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.R | 20130114 |
| Microsoft | VirTool:Win32/DelfInject.gen!X | 20130114 |
| Yandex | | 20130114 |
| AhnLab-V3 | | 20130114 |
| AntiVir | | 20130114 |
| Antiy-AVL | | 20130114 |
| AVG | | 20130114 |
| BitDefender | | 20130111 |
| ByteHero | | 20130114 |
| CAT-QuickHeal | | 20130114 |
| Commtouch | | 20130114 |
| Comodo | | 20130114 |
| Emsisoft | | 20130114 |
| eSafe | | 20130113 |
| F-Prot | | 20130114 |
| F-Secure | | 20130114 |
| Fortinet | | 20130113 |
| Ikarus | | 20130114 |
| Jiangmin | | 20121221 |
| K7AntiVirus | | 20130114 |
| Kaspersky | | 20130114 |
| Kingsoft | | 20130107 |
| Malwarebytes | | 20130114 |
| McAfee | | 20130114 |
| eScan | | 20130114 |
| NANO-Antivirus | | 20130114 |
| Norman | | 20130114 |
| nProtect | | 20130114 |
| Panda | | 20130114 |
| PCTools | | 20130114 |
| Rising | | 20130114 |
| Sophos AV | | 20130114 |
| SUPERAntiSpyware | | 20130114 |
| TheHacker | | 20130114 |
| TotalDefense | | 20130114 |
| VIPRE | | 20130114 |
| ViRobot | | 20130114 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Aspack
PEiD ASProtect v1.23 RC1
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00001000
Number of sections 10
PE sections
PE imports
RegQueryValueExA
_TrackMouseEvent
ChooseColorA
UnrealizeObject
GetProcAddress
GetModuleHandleA
LoadLibraryA
RaiseException
OleUninitialize
CLSIDFromString
GetErrorInfo
SysFreeString
SafeArrayPtrOfIndex
VariantChangeTypeEx
SHGetSpecialFolderLocation
Shell_NotifyIconA
CreateWindowExA
GetKeyboardType
VerQueryValueA
Number of PE resources by type
RT_BITMAP 127
RT_STRING 28
RT_GROUP_CURSOR 7
RT_CURSOR 7
RT_RCDATA 6
RT_DIALOG 1
RT_MANIFEST 1
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 155
RUSSIAN 20
FRENCH 4
PE resources
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
FileTypeExtension: exe
TimeStamp: 1992:06:19 23:22:17+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 1400320
LinkerVersion: 2.25
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
EntryPoint: 0x1000
InitializedDataSize: 620032
SubsystemVersion: 4.0
ImageVersion: 0.0
OSVersion: 4.0
UninitializedDataSize: 0

File identification
MD5 e5dc7ecfc5578d51ba92ff710b05ae09
SHA1 1689a8af161ad5a1696a0f9982693d3fbb95a99f
SHA256 d0cd80cb28f52cab3ec61bf89f98f4601a27074d98c4828736898a287acacb74
ssdeep
12288:nvUoUbhF4wAmsxHhE8RXajBb/pgqckeJFxJkx0AV1OZUWjwNDX+FTYvWPCZHBFI/:nvkYNltYytTreVTCSNDOsvWPCVBKm1g

authentihash 367a08d1ff895ef7c28f5bd94faa2bb417b59d2f8d8d99ecbcbdabe412bc8241
imphash 15327529b7dc675ad0176ed1e8b9ab2b
File size 1.0 MB ( 1050624 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe asprotect aspack

VirusTotal metadata
First submission 2013-01-14 19:49:23 UTC ( 6 years, 2 months ago )
Last submission 2018-04-02 22:28:01 UTC ( 11 months, 3 weeks ago )
File names d0cd80cb28f52cab3ec61bf89f98f4601a27074d98c4828736898a287acacb74
vti-rescan
ini.exe
e5dc7ecfc5578d51ba92ff710b05ae09
Startup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight