SHA256: db9345188d8b913b7abd5ea998f67fb7d4fb7aa054e48c52641e795d9b3c7e28
File name: Pinterest_01.exe
Detection ratio: 3 / 48
Analysis date: 2013-10-01 18:04:37 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Bkav HW32.CDB.87f1 20130927
Kaspersky Trojan-Spy.Win32.Zbot.qgje 20131001
Malwarebytes Trojan.Backdoor.RV 20131001
Yandex 20131001
AhnLab-V3 20131001
AntiVir 20131001
Antiy-AVL 20131001
Avast 20131001
AVG 20131001
Baidu-International 20131001
BitDefender 20131001
ByteHero 20130925
CAT-QuickHeal 20131001
ClamAV 20131001
Commtouch 20131001
Comodo 20131001
DrWeb 20131001
Emsisoft 20131001
ESET-NOD32 20131001
F-Prot 20131001
F-Secure 20131001
Fortinet 20131001
GData 20131001
Ikarus 20131001
Jiangmin 20130903
K7AntiVirus 20131001
K7GW 20131001
Kingsoft 20130829
McAfee 20131001
McAfee-GW-Edition 20131001
Microsoft 20131001
eScan 20131001
NANO-Antivirus 20131001
Norman 20131001
nProtect 20131001
Panda 20131001
PCTools 20131001
Rising 20130930
Sophos 20131001
SUPERAntiSpyware 20131001
Symantec 20131001
TheHacker 20131001
TotalDefense 20130930
TrendMicro 20131001
TrendMicro-HouseCall 20131001
VBA32 20131001
VIPRE 20131001
ViRobot 20131001
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright (C) 2007 Throughsoldier Corporation. All rights reserved.
Publisher Throughsoldier Corporation.
Product Throughsoldier Mile
Original name sight.exe
Internal name sight.exe
File version 13.0.92.987
Description Throughsoldier Mile
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-01 09:04:46
Entry Point 0x000417D1
Number of sections 4
PE sections
PE imports
GetStdHandle
HeapDestroy
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsW
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
InitializeCriticalSection
TlsGetValue
SetLastError
GetModuleFileNameW
HeapAlloc
FlushFileBuffers
GetModuleFileNameA
EnumSystemLocalesA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetStartupInfoW
GetUserDefaultLCID
RemoveDirectoryW
IsValidLocale
GetProcAddress
CreateFileW
GetFileType
TlsSetValue
ExitProcess
PrepareTape
LeaveCriticalSection
GetLastError
LCMapStringW
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
CreateProcessW
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
SetFilePointer
CloseHandle
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
VirtualAlloc
LZRead
LZSeek
GetExpandedNameW
LZDone
LZStart
LZClose
LZInit
LZOpenFileW
StiCreateInstanceW
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 7.1
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 13.0.92.987
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 208384
EntryPoint 0x417d1
OriginalFileName sight.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2007 Throughsoldier Corporation. All rights reserved.
FileVersion 13.0.92.987
TimeStamp 2013:10:01 10:04:46+01:00
FileType Win32 EXE
PEType PE32
InternalName sight.exe
ProductVersion 13.0.92.987
FileDescription Throughsoldier Mile
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Throughsoldier Corporation.
CodeSize 308736
ProductName Throughsoldier Mile
ProductVersionNumber 13.0.92.987
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 83bbe52c8584a5dab07a11ecc5aaf090
SHA1 b1b00aa38a7546353f1002ae99b4f5b6286c10ba
SHA256 db9345188d8b913b7abd5ea998f67fb7d4fb7aa054e48c52641e795d9b3c7e28
ssdeep 12288:omfw2ZhpqaTiFTtJBtvkrMGgzcYxK/kVI:oywmhRMTLnMrMGgzcYgAI
authentihash 78bf2f14c41c43d132cd39a6ee2111e016d7cef997a780a5afbdedfab719d843
imphash bdd0248de797a5a3cb4aa8e35db3e539
File size 484.5 KB ( 496128 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe

VirusTotal metadata
First submission 2013-10-01 13:43:31 UTC ( 3 years, 9 months ago )
Last submission 2014-01-08 01:43:57 UTC ( 3 years, 5 months ago )
File names about.exe
sight.exe
55fe8ee0fd12860d5496d6d5cce312b82a09cfbc
info.exe[1]
Pinterest_01.exe
db9345188d8b913b7abd5ea998f67fb7d4fb7aa054e48c52641e795d9b3c7e28
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R026C0CD115.

Symantec reputation Suspicious.Insight