SHA256: da829ea4d96061bda5f09c5d1fa88643e3df727d55920dd69ec2ac940e2840f5
File name: rfw_en_10.exe
Detection ratio: 0 / 54
Analysis date: 2016-02-08 17:05:04 UTC (3 years, 1 month ago)
Antivirus / Update (the Result column was empty for all 54 engines)
Ad-Aware 20160208
AegisLab 20160208
Yandex 20160206
AhnLab-V3 20160208
Alibaba 20160204
Antiy-AVL 20160208
Arcabit 20160208
Avast 20160208
AVG 20160208
Avira (no cloud) 20160208
Baidu-International 20160208
BitDefender 20160208
Bkav 20160204
ByteHero 20160208
CAT-QuickHeal 20160208
ClamAV 20160206
CMC 20160205
Comodo 20160208
Cyren 20160208
DrWeb 20160208
Emsisoft 20160208
ESET-NOD32 20160208
F-Prot 20160129
F-Secure 20160208
Fortinet 20160208
GData 20160208
Ikarus 20160208
Jiangmin 20160208
K7AntiVirus 20160208
K7GW 20160208
Kaspersky 20160208
Malwarebytes 20160208
McAfee 20160208
McAfee-GW-Edition 20160208
Microsoft 20160208
eScan 20160208
NANO-Antivirus 20160208
nProtect 20160205
Panda 20160207
Qihoo-360 20160208
Rising 20160208
Sophos AV 20160208
SUPERAntiSpyware 20160208
Symantec 20160208
Tencent 20160208
TheHacker 20160206
TotalDefense 20160208
TrendMicro 20160208
TrendMicro-HouseCall 20160208
VBA32 20160208
VIPRE 20160208
ViRobot 20160208
Zillya 20160208
Zoner 20160208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT NSIS, appended, Unicode
PEiD Nullsoft Install System v2.0b2, v2.0b3
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-02-26 15:30:01
Entry Point 0x00003E6F
Number of sections 4
PE sections
Overlays
MD5 c995f4b8eb77247ca774c0bb9c6f1708
File type data
Offset 63488
Size 3776319
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegEnumValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegCreateKeyA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateFontA
GetStockObject
CreateFontIndirectA
CreateSolidBrush
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetUserDefaultLangID
ReadFile
LoadLibraryA
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
FindFirstFileA
lstrcpyA
CloseHandle
GetTempFileNameA
CreateFileMappingA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
lstrcpynA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
ExitProcess
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteA
SHFileOperationA
SetFocus
MapWindowPoints
RegisterClassA
EmptyClipboard
GetWindowTextA
EndDialog
DestroyWindow
GetMessagePos
DefWindowProcA
PostQuitMessage
CreatePopupMenu
GetClassInfoA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
GetDC
SystemParametersInfoA
BeginPaint
SetWindowTextA
wsprintfA
ShowWindow
SetClipboardData
CharPrevA
FindWindowExA
SendMessageA
DialogBoxParamA
GetClientRect
CreateWindowExA
GetDlgItem
SetForegroundWindow
CreateDialogParamA
DrawTextA
ScreenToClient
SetRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
FillRect
CharNextA
GetDesktopWindow
CallWindowProcA
EndPaint
CloseClipboard
OpenClipboard
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 8
RT_DIALOG 7
RT_BITMAP 1
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2003:02:26 16:30:01+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23552
LinkerVersion 6.0
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3e6f
InitializedDataSize 3774976
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 a70203fb784ae3cd3cf92024abbc17d1
SHA1 89f39e10329de23b707c5d6719385990ca355acf
SHA256 da829ea4d96061bda5f09c5d1fa88643e3df727d55920dd69ec2ac940e2840f5
ssdeep 98304:A2CNFUrNgsVImrY3bfTbKshQinp1zT3K7hPZ4n5lL6yo:ArNa+QVwfHfhQO3zT3UAno

authentihash 32d763a5a9a4e78a80df7800de51f66083b6e5e240bfdea6a7f897cf21a9a0f0
imphash 9446a0fb92861f59644c96ecda027cbc
File size 3.7 MB ( 3839807 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (91.7%)
Win32 Executable MS Visual C++ (generic) (3.3%)
Win64 Executable (generic) (2.9%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.4%)
Tags
peexe overlay nullsoft nsis via-tor software-collection

VirusTotal metadata
First submission 2006-05-24 07:11:31 UTC ( 12 years, 10 months ago )
Last submission 2018-09-27 02:48:13 UTC ( 5 months, 3 weeks ago )
File names file
rfdemo10.exe
test.exe
r-firewall-1016-jetelecharge.exe
rfw-en-10.exe
41782
Free-rfw_en_10.exe
rfirewall_en_10.exe
.exe
1282916942-rfw_en_10.exe
rfw_en_10(1).exe
R-Firewall_en_10.exe
rfw_en_10.exe
r-firewall-1016-jetelecharge.exe
rfw_en_10.exe
octet-stream
r-firewall-1016-jetelecharge.exe
rfw_en_10 R-Firewall 1.0.exe
output.68794607.txt
r-firewall-1016-jetelecharge.exe
68794607
a70203fb784ae3cd3cf92024abbc17d1
rfirewall.exe
file-3601588_exe
file-796439_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight