SHA256: d5a52f5ccd117c90f5117cb0eacb993cc905000ec80251af25e948afd88edb74
File name: BOOTICE.EXE
Detection ratio: 2 / 69
Analysis date: 2019-01-03 18:30:17 UTC ( 1 month, 2 weeks ago )
Antivirus Result Update
Cylance Unsafe 20190103
Trapmine suspicious.low.ml.score 20190103
Acronis 20181227
Ad-Aware 20190103
AegisLab 20190103
AhnLab-V3 20190103
Alibaba 20180921
ALYac 20190103
Antiy-AVL 20190103
Arcabit 20190103
Avast 20190103
Avast-Mobile 20190103
AVG 20190103
Avira (no cloud) 20190103
Babable 20180918
Baidu 20190102
BitDefender 20190103
Bkav 20190103
CAT-QuickHeal 20190103
ClamAV 20190103
CMC 20190103
Comodo 20190103
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cyren 20190103
DrWeb 20190103
eGambit 20190103
Emsisoft 20190103
Endgame 20181108
ESET-NOD32 20190103
F-Prot 20190103
F-Secure 20190103
Fortinet 20190103
GData 20190103
Ikarus 20190103
Sophos ML 20181128
Jiangmin 20190103
K7AntiVirus 20190103
K7GW 20190103
Kaspersky 20190103
Kingsoft 20190103
Malwarebytes 20190103
MAX 20190103
McAfee 20190103
McAfee-GW-Edition 20190103
Microsoft 20190103
eScan 20190103
NANO-Antivirus 20190103
Palo Alto Networks (Known Signatures) 20190103
Panda 20190102
Qihoo-360 20190103
Rising 20190103
SentinelOne (Static ML) 20181223
Sophos AV 20190103
SUPERAntiSpyware 20190102
Symantec 20190103
TACHYON 20190103
Tencent 20190103
TheHacker 20181230
TrendMicro 20190103
TrendMicro-HouseCall 20190103
Trustlook 20190103
VBA32 20181229
ViRobot 20190103
Webroot 20190103
Yandex 20181229
Zillya 20190103
ZoneAlarm by Check Point 20190103
Zoner 20190103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Pauly
Product BOOTICE
Original name BOOTICE.EXE
Internal name BOOTICE
File version 2012.05.20
Description 引导扇区维护工具 (Boot sector maintenance tool)
Comments BOOT SECTOR MANIPULATION TOOL
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-20 13:55:12
Entry Point 0x0008E980
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
RegCloseKey
InitCommonControls
GetOpenFileNameA
SetBkMode
sprintf
CoCreateGuid
DragFinish
StrStrA
Number of PE resources by type
RT_DIALOG 78
RT_STRING 21
RT_RCDATA 17
RT_ICON 6
RT_MENU 3
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 36
CHINESE SIMPLIFIED 36
CHINESE TRADITIONAL 35
NEUTRAL 21
PE resources
ExifTool file metadata
LegalTrademarks BOOTICE
UninitializedDataSize 438272
Comments BOOT SECTOR MANIPULATION TOOL
InitializedDataSize 28672
ImageVersion 0.0
ProductName BOOTICE
FileVersionNumber 2012.5.20.0
LanguageCode Chinese (Simplified)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Unicode
LinkerVersion 5.12
FileTypeExtension exe
OriginalFileName BOOTICE.EXE
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 2012.05.20
TimeStamp 2012:05:20 14:55:12+01:00
FileType Win32 EXE
PEType PE32
InternalName BOOTICE
ProductVersion 2012.05.20
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
LegalCopyright Pauly
MachineType Intel 386 or later, and compatibles
CompanyName www.ipauly.com
CodeSize 147456
FileSubtype 0
ProductVersionNumber 2012.5.20.0
EntryPoint 0x8e980
ObjectFileType Executable application

Execution parents
Compressed bundles
File identification
MD5 967cde34fe23e589596ed10d70f48357
SHA1 9604abdc7d27dcf570ecbc0f99a19694ba35db7a
SHA256 d5a52f5ccd117c90f5117cb0eacb993cc905000ec80251af25e948afd88edb74
ssdeep 3072:CVK8YDjp866qGWWjF59RVxWmA0ZHZPSgXQQ+SdEZeBoutLb:iKa6l5WjFDb9xJ5qeBoS
authentihash 1daf90115ed41882c520e14b1e580ef21e557833339128298dee6b64c280aa01
imphash f430dc851c95307e107b8fc858da6874
File size 168.5 KB ( 172544 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE Yoda's Crypter (60.8%)
Win32 Dynamic Link Library (generic) (15.0%)
Win32 Executable (generic) (10.3%)
OS/2 Executable (generic) (4.6%)
Generic Win/DOS Executable (4.5%)
Tags peexe upx via-tor
VirusTotal metadata
First submission 2012-05-27 19:56:40 UTC ( 6 years, 9 months ago )
Last submission 2019-01-03 18:30:17 UTC ( 1 month, 2 weeks ago )
File names BootICE.exe
BOOTICE_004.EXE
BOOTICE_2012.05.20.EXE
172544_967cde34fe23e589596ed10d70f48357.exe
BOOTICE_old2012.EXE
2012.05.20.EXE
BOOTICE v2012.05.20.EXE
Bootice.exe
0000751274.BOOTICE.967cde34fe23e589596ed10d70f48357.exe
BOOTICE 2012.05.20.EXE
smona_d5a52f5ccd117c90f5117cb0eacb993cc905000ec80251af25e948afd88edb74.bin
BOOTICE_20120520_Format_USB_Flash_NTFS.EXE
file-4178865_EXE
filename
BOOTICE
output.2140823.txt
967cde34fe23e589596ed10d70f48357.9604abdc7d27dcf570ecbc0f99a19694ba35db7a
BOOTICE_v2012.05.20.EXE
9604abdc7d27dcf570ecbc0f99a19694ba35db7a
c796ff6f-66ca-4a61-a29f-244120d34f42.EXE
BOOTICE.EXE
BOOTICE.exe
2012-05-20.exe
2140823
BOOTICE (1).EXE
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight