SHA256: d1235392129dd1559facf6befe69325e8cd29fdf133bc266fb595be8d32c699c
File name: autorun.exe
Detection ratio: 47 / 56
Analysis date: 2016-06-27 08:02:34 UTC ( 2 years, 5 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.167664 20160627
AegisLab Troj.Dropper.W32.Injector.iemg!c 20160627
AhnLab-V3 Dropper/Win32.Injector.N862452874 20160627
ALYac Gen:Variant.Kazy.167664 20160627
Antiy-AVL Trojan[Dropper]/Win32.Injector 20160627
Arcabit Trojan.Kazy.D28EF0 20160627
Avast Win32:Malware-gen 20160627
AVG Pakes_c.AGIL 20160627
Avira (no cloud) TR/Dropper.MSIL.Gen 20160627
AVware Trojan.Win32.Generic!BT 20160627
Baidu Win32.Trojan.WisdomEyes.151026.9950.9999 20160627
Baidu-International Trojan.MSIL.Injector.BHW 20160614
BitDefender Gen:Variant.Kazy.167664 20160627
Bkav W32.DropperYelwluAA.Trojan 20160625
CAT-QuickHeal TrojanDropper.Injector.r3 20160627
CMC Trojan-Dropper.Win32.Injector!O 20160627
Comodo UnclassifiedMalware 20160627
DrWeb Tool.BtcMine.97 20160627
Emsisoft Gen:Variant.Kazy.167664 (B) 20160627
ESET-NOD32 a variant of MSIL/Injector.BHW 20160627
F-Secure Gen:Variant.Kazy.167664 20160627
Fortinet W32/Injector.IEMG!tr 20160627
GData Gen:Variant.Kazy.167664 20160627
Ikarus Trojan-Dropper.Win32.Injector 20160627
Jiangmin Trojan/Generic.bjcuz 20160627
K7AntiVirus Trojan ( 700000121 ) 20160627
K7GW Trojan ( 700000121 ) 20160626
Kaspersky HEUR:Trojan.Win32.Generic 20160627
Malwarebytes Trojan.Agent.MSIL 20160627
McAfee Artemis!CA503B981679 20160627
McAfee-GW-Edition BehavesLike.Win32.Trojan.jc 20160627
Microsoft Trojan:Win32/Remhead!gmb 20160627
eScan Gen:Variant.Kazy.167664 20160627
NANO-Antivirus Trojan.Win32.Injector.dnajin 20160627
nProtect Trojan/W32.Agent.691712.AV 20160624
Panda Trj/OCJ.E 20160626
Qihoo-360 QVM03.0.Malware.Gen 20160627
Sophos AV Mal/Generic-S 20160627
Symantec Trojan.Klovbot 20160627
Tencent Win32.Trojan.Generic.Szbc 20160627
TheHacker Trojan/Generic.bhw 20160625
TrendMicro TROJ_SPNR.0BFR13 20160627
TrendMicro-HouseCall TROJ_SPNR.0BFR13 20160627
VIPRE Trojan.Win32.Generic!BT 20160627
ViRobot Trojan.Win32.S.Agent.691712.D[h] 20160627
Yandex Trojan.DR.Injector!2pajq90AlLg 20160626
Zillya Dropper.Injector.Win32.57269 20160625
Alibaba 20160627
ClamAV 20160627
Cyren 20160627
F-Prot 20160627
Kingsoft 20160627
SUPERAntiSpyware 20160627
TotalDefense 20160627
VBA32 20160625
Zoner 20160627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2005-2013 Binary House Software
Product CookBook+Calendar
File version 3.2
Description CookBook+Calendar Setup
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-04-17 16:01:08
Entry Point 0x000A7A26
Number of sections 3
.NET details
Module Version ID a287db55-b1e2-462a-a606-269e01c4ddee
TypeLib ID 51421af0-154a-4196-8e9b-21143f322f77
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
UninitializedDataSize 0
Comments This installation was built with Inno Setup.
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 3.2.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
EntryPoint 0xa7a26
MIMEType application/octet-stream
LegalCopyright Copyright 2005-2013 Binary House Software
FileVersion 3.2
TimeStamp 2013:04:17 17:01:08+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 3.2
FileDescription CookBook+Calendar Setup
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Binary House Software
CodeSize 678912
ProductName CookBook+Calendar
ProductVersionNumber 3.2.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 ca503b981679afe30c46341b702c3cc3
SHA1 8402b3b1c6e47f278f3270f15f828bb83b7a17c2
SHA256 d1235392129dd1559facf6befe69325e8cd29fdf133bc266fb595be8d32c699c
ssdeep 12288:0HBdzUeoHSFYKfjHARhwSzgZQBcmt/uJNyrD5GNiZ9YsmRGC2SgbK:0hdzUenYKfTARhwwgZQBlIeVGNiZ9iRZ
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 675.5 KB ( 691712 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly usb-autorun
VirusTotal metadata
First submission 2013-05-19 21:54:31 UTC ( 5 years, 6 months ago )
Last submission 2014-10-03 18:32:46 UTC ( 4 years, 2 months ago )
File names autorun.exe
ca503b981679afe30c46341b702c3cc3.8402b3b1c6e47f278f3270f15f828bb83b7a17c2
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections