SHA256: dabb3a52f494574d21e0ec8d4eda9845e34d106b25b98917b01a8471b30d229d
File name: setup.ex_.setup.exe_
Detection ratio: 14 / 40
Analysis date: 2010-02-08 17:04:56 UTC ( 4 years, 5 months ago )
Antivirus Result Update
AntiVir TR/Expl.IMG-WMF.bts 20100208
Antiy-AVL Exploit/Win32.IMG-WMF.gen 20100208
Ikarus Exploit.Win32.IMG-WMF 20100208
K7AntiVirus Exploit.Win32.IMG-WMF.bts 20100206
Kaspersky Exploit.Win32.IMG-WMF.bts 20100208
McAfee Generic Exploit!s 20100207
McAfee+Artemis Generic Exploit!s 20100207
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.L 20100208
PCTools Downloader.Generic 20100208
Panda Trj/CI.A 20100207
Prevx Medium Risk Malware 20100208
Sunbelt Trojan.Win32.Generic!BT 20100207
VBA32 Exploit.Win32.IMG-WMF.bts 20100208
a-squared Exploit.Win32.IMG-WMF!IK 20100208
AVG 20100208
AhnLab-V3 20100208
Authentium 20100208
Avast 20100208
BitDefender 20100208
CAT-QuickHeal 20100208
ClamAV 20100208
Comodo 20100208
DrWeb 20100208
F-Prot 20100208
F-Secure 20100208
Fortinet 20100208
GData 20100208
Jiangmin 20100208
Microsoft 20100208
NOD32 20100208
Norman 20100208
Rising 20100208
Sophos 20100208
TheHacker 20100208
TrendMicro 20100208
ViRobot 20100208
VirusBuster 20100208
eSafe 20100207
eTrust-Vet 20100208
nProtect 20100208
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-05 11:46:52
Link date 12:46 PM 9/5/2009
Entry Point 0x00001110
Number of sections 5
PE sections
PE imports
GetAtomNameA
AddAtomA
WaitForSingleObject
SetUnhandledExceptionFilter
FindAtomA
GetStartupInfoA
ExitProcess
GetCommandLineA
GetModuleHandleA
ShellExecuteExA
_cexit
__p__fmode
malloc
__p__environ
signal
memset
free
_onexit
atexit
abort
_setmode
_assert
__getmainargs
_iob
__set_app_type
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:09:05 12:46:52+01:00
FileType Win32 EXE
PEType PE32
CodeSize 3072
LinkerVersion 2.56
FileAccessDate 2014:03:29 13:15:09+01:00
EntryPoint 0x1110
InitializedDataSize 5120
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
FileCreateDate 2014:03:29 13:15:09+01:00
UninitializedDataSize 512
Compressed bundles
File identification
MD5 30275fc3df5b5c2f1d2e72250b820706
SHA1 897edcdce86eb4a1dcd1b6403594bada4263219b
SHA256 dabb3a52f494574d21e0ec8d4eda9845e34d106b25b98917b01a8471b30d229d
ssdeep 96:GgNIt42CduaGfGP+MpdCGYxobE/KLn3gjpz:zc+RCGYRKn3g
imphash 690a7efe0d1be5cc5bc5e1c1429f6a06
File size 6.0 KB ( 6144 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (61.6%)
Win32 Dynamic Link Library (generic) (14.6%)
Win32 Executable (generic) (10.0%)
Win16/32 Executable Delphi generic (4.6%)
Generic Win/DOS Executable (4.4%)
Tags peexe
VirusTotal metadata
First submission 2010-01-31 05:53:32 UTC ( 4 years, 5 months ago )
Last submission 2014-03-29 12:14:16 UTC ( 3 months, 2 weeks ago )
File names A
smona_dabb3a52f494574d21e0ec8d4eda9845e34d106b25b98917b01a8471b30d229d.bin
30275fc3df5b5c2f1d2e72250b820706_SETUP~.EXE
setupol.exe
setupold.exe
SETUPOL.EXE.MWT
30275fc3df5b5c2f1d2e72250b820706
vti-rescan
7db6102c2230d0.bup.bin
897EDCDCE86EB4A1DCD1B6403594BADA4263219B.a2m
setup.exe
setupol.exe
setupol.exe.dat
file-3304581_MWT
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
