× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: d97f56ea261584d8846c66b4438ff3a76f590e4a0d0c3d98801c4cdca4c7796d
File name: d97f56ea261584d8846c66b4438ff3a76f590e4a0d0c3d98801c4cdca4c7796d
Detection ratio: 0 / 49
Analysis date: 2014-02-02 19:16:28 UTC ( 3 years, 8 months ago )
Antivirus Result Update
Ad-Aware 20140202
Yandex 20140202
AhnLab-V3 20140202
AntiVir 20140202
Antiy-AVL 20140202
Avast 20140202
AVG 20140202
Baidu-International 20140202
BitDefender 20140202
Bkav 20140125
ByteHero 20140127
CAT-QuickHeal 20140202
ClamAV 20140202
CMC 20140122
Commtouch 20140202
Comodo 20140202
DrWeb 20140202
Emsisoft 20140202
ESET-NOD32 20140202
F-Prot 20140201
F-Secure 20140202
Fortinet 20140202
GData 20140202
Ikarus 20140202
Jiangmin 20140202
K7AntiVirus 20140131
K7GW 20140131
Kaspersky 20140202
Kingsoft 20130829
Malwarebytes 20140202
McAfee 20140202
McAfee-GW-Edition 20140202
Microsoft 20140202
eScan 20140202
NANO-Antivirus 20140202
Norman 20140202
nProtect 20140202
Panda 20140202
Qihoo-360 20140127
Rising 20140202
Sophos AV 20140202
SUPERAntiSpyware 20140202
Symantec 20140202
TheHacker 20140202
TotalDefense 20140202
TrendMicro 20140202
TrendMicro-HouseCall 20140202
VBA32 20140131
VIPRE 20140202
ViRobot 20140202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file.
FileVersionInfo properties
Copyright
EBS Yaz?l?m

Publisher EBS Yaz?l?m
Product EBS Ticari
File version 3.0.2
Description EBS Ticari Kurulum
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009C40
Number of sections 8
PE sections
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
File identification
MD5 1d3046befdea7e524a0327f30705592f
SHA1 df0c85d13ce91dce4a7cd2f5a07b3439fd9040b3
SHA256 d97f56ea261584d8846c66b4438ff3a76f590e4a0d0c3d98801c4cdca4c7796d
ssdeep
196608:XOulryZ1fnK8gDiFojrG2V/+YCxpRHpjJIGycDhpxyGpiDgeemUhR:Rtz88iF0G2t+LOQbyGJR

imphash 884310b1928934402ea6fec1dbd3cf5e
File size 10.5 MB ( 10962646 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Inno Setup installer (65.1%)
Win32 EXE PECompact compressed (generic) (24.6%)
Win32 Dynamic Link Library (generic) (3.9%)
Win32 Executable (generic) (2.6%)
Win16/32 Executable Delphi generic (1.2%)
Tags
peexe

VirusTotal metadata
First submission 2014-02-02 19:16:28 UTC ( 3 years, 8 months ago )
Last submission 2014-02-02 19:16:28 UTC ( 3 years, 8 months ago )
File names d97f56ea261584d8846c66b4438ff3a76f590e4a0d0c3d98801c4cdca4c7796d
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!