SHA256: d99f198ff5f278af3dd05b956d474926793d5bc91afc4b165c037961b42e1e3c
File name: loader29.mod
Detection ratio: 23 / 46
Analysis date: 2013-08-19 14:37:56 UTC ( 5 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 Trojan/Win32.Cosmu 20130819
AntiVir TR/Dldr.Dofoil.U.258 20130819
Avast Win32:VBCrypt-CNO [Trj] 20130819
AVG Downloader.Generic13.BGBD 20130819
BitDefender Gen:Variant.Zusy.60388 20130819
Commtouch W32/GenBl.3F198BA3!Olympus 20130819
Comodo UnclassifiedMalware 20130819
DrWeb BackDoor.Tishop.25 20130819
Emsisoft Gen:Variant.Zusy.60388 (B) 20130819
ESET-NOD32 Win32/TrojanDownloader.Zurgop.AZ 20130819
F-Secure Gen:Variant.Zusy.60388 20130819
Fortinet W32/Zurgop.AZ!tr.dldr 20130819
GData Gen:Variant.Zusy.60388 20130819
Kaspersky UDS:DangerousObject.Multi.Generic 20130819
McAfee Artemis!3F198BA370B5 20130819
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!83 20130819
eScan Gen:Variant.Zusy.60388 20130819
Norman Suspicious_Gen4.EQKNS 20130819
Panda Suspicious file 20130819
Sophos AV Mal/Generic-S 20130819
TheHacker Trojan/Downloader.Zurgop.az 20130819
TrendMicro-HouseCall TROJ_GEN.R0CBB01HC13 20130819
VIPRE Trojan.Win32.Generic!BT 20130819
Yandex 20130819
Antiy-AVL 20130819
ByteHero 20130817
CAT-QuickHeal 20130819
ClamAV 20130819
F-Prot 20130819
Ikarus 20130819
Jiangmin 20130819
K7AntiVirus 20130817
K7GW 20130816
Kingsoft 20130723
Malwarebytes 20130819
Microsoft 20130819
NANO-Antivirus 20130819
nProtect 20130816
PCTools 20130819
Rising 20130819
SUPERAntiSpyware 20130819
Symantec 20130819
TotalDefense 20130816
TrendMicro 20130819
VBA32 20130819
ViRobot 20130819
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (c) 2004-2013, Neowise
Publisher Neowise
Product RoboTask
Original name RTMacroRecorder.exe
File version 5.6.0.30
Description Macro Recorder
Packers identified
F-PROT PecBundle
PEiD PECompact 2.xx --> BitSum Technologies
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-22 17:39:23
Entry Point 0x00001060
Number of sections 2
PE sections
Overlays
MD5 60c6b126049a35e50fffeadf17279275
File type ASCII text
Offset 63380
Size 108
Entropy 0.00
PE imports
MethCallEngine
VirtualFree
LoadLibraryA
VirtualAlloc
GetProcAddress
Number of PE resources by type
RT_RCDATA 80
RT_ICON 4
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
KANNADA DEFAULT 80
NEUTRAL 6
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 9.13
FileSubtype 0
FileVersionNumber 5.6.0.30
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Windows, Latin1
InitializedDataSize 45056
EntryPoint 0x1060
OriginalFileName RTMacroRecorder.exe
MIMEType application/octet-stream
LegalCopyright Copyright (c) 2004-2013, Neowise
FileVersion 5.6.0.30
TimeStamp 2013:07:22 18:39:23+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 5.6
FileDescription Macro Recorder
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Neowise
CodeSize 57344
ProductName RoboTask
ProductVersionNumber 5.6.0.0
Warning Possibly corrupt Version resource
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 3f198ba370b5416f1e651073f5fd2531
SHA1 f50cb2895cdd695f8d8fa297245876f52ea44d8f
SHA256 d99f198ff5f278af3dd05b956d474926793d5bc91afc4b165c037961b42e1e3c
ssdeep 768:27PkZGTv8jg0oziB7glKIiRXCripmny6v4tLI53ak7rj:K8gzgxglAXNmny24tLI1b7X
authentihash df1fe72d0fb785c8fa81683c71820344cb31dcdb61d11ed34e00d578644ed9fc
imphash d436c55cc61e4d62b21359ff12be3c38
File size 62.0 KB ( 63488 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags pecompact peexe overlay
VirusTotal metadata
First submission 2013-08-06 07:45:23 UTC ( 5 years, 8 months ago )
Last submission 2015-05-25 14:53:17 UTC ( 3 years, 11 months ago )
File names 3f198ba370b5416f1e651073f5fd2531_loader29_mod
1.exe
3f198ba370b5416f1e651073f5f
f50cb2895cdd695f8d8fa297245876f52ea44d8f
vti-rescan
loader29.mod
RTMacroRecorder.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight