SHA256: db941ce54290a536912c02c8f1692256f9f1f7ab6ca8f6b1e162eb1d9a1e3b64
File name: 7b3bc53a16df1b8bfcd0a3ecc3d232ca5bf3ca11
Detection ratio: 6 / 56
Analysis date: 2014-11-27 00:34:58 UTC ( 4 years, 3 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20141127
AVG Win32/Cryptor 20141127
Bkav HW32.Packed.ADC4 20141120
ESET-NOD32 Win32/Spy.Zbot.ACB 20141127
Kaspersky UDS:DangerousObject.Multi.Generic 20141126
Malwarebytes Trojan.FakeMBAM.ED 20141126
Ad-Aware 20141127
AegisLab 20141127
Yandex 20141126
AhnLab-V3 20141126
ALYac 20141126
Antiy-AVL 20141126
Avira (no cloud) 20141126
AVware 20141121
Baidu-International 20141126
BitDefender 20141127
ByteHero 20141127
CAT-QuickHeal 20141126
ClamAV 20141127
CMC 20141126
Comodo 20141127
Cyren 20141126
DrWeb 20141126
Emsisoft 20141127
F-Prot 20141126
F-Secure 20141127
Fortinet 20141126
GData 20141126
Ikarus 20141126
Jiangmin 20141126
K7AntiVirus 20141126
K7GW 20141126
Kingsoft 20141127
McAfee 20141126
McAfee-GW-Edition 20141126
Microsoft 20141127
eScan 20141126
NANO-Antivirus 20141126
Norman 20141126
nProtect 20141126
Panda 20141126
Qihoo-360 20141127
Rising 20141126
Sophos AV 20141126
SUPERAntiSpyware 20141126
Symantec 20141127
Tencent 20141127
TheHacker 20141124
TotalDefense 20141126
TrendMicro 20141126
TrendMicro-HouseCall 20141127
VBA32 20141126
VIPRE 20141126
ViRobot 20141126
Zillya 20141126
Zoner 20141125
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Malwarebytes Corporation. All rights reserved.

Publisher Malwarebytes Corporation
Product Malwarebytes Anti-Malware
Original name mbam.exe
Internal name mbam.exe
File version 1.0.1.7
Description Malwarebytes Anti-Malware
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-11-25 23:33:05
Entry Point 0x00007443
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreatePatternBrush
CreateCompatibleDC
GetCurrentObject
MoveToEx
DeleteDC
SelectObject
RectVisible
SetViewportOrgEx
SetTextAlign
CreateSolidBrush
Polyline
GetTextExtentPointA
FillPath
BitBlt
GetTextAlign
BeginPath
DeleteObject
Ellipse
Rectangle
EndPath
GetSystemTime
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
GetStdHandle
SystemTimeToFileTime
LCMapStringW
SetHandleCount
GetModuleFileNameW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
EnterCriticalSection
IsDebuggerPresent
GetTickCount
CreateDirectoryA
TlsAlloc
GetDateFormatA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
HeapAlloc
GetCurrentProcess
EnumSystemLocalesA
GetStartupInfoW
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
SetFileTime
GetModuleHandleW
GetCPInfo
GetFileAttributesA
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetUserDefaultLCID
DeleteCriticalSection
LeaveCriticalSection
EncodePointer
GetLocaleInfoW
SetStdHandle
CompareStringW
RaiseException
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
TlsFree
SetFilePointer
GetSystemTimeAsFileTime
HeapSetInformation
ReadFile
GetCurrentThreadId
SetUnhandledExceptionFilter
WriteFile
DecodePointer
CloseHandle
IsProcessorFeaturePresent
CreateWaitableTimerA
IsValidLocale
GetACP
HeapReAlloc
GetStringTypeW
SetWaitableTimer
SetEnvironmentVariableA
TerminateProcess
GetTimeZoneInformation
IsValidCodePage
HeapCreate
SetLastError
CreateFileW
LocalFileTimeToFileTime
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
ExitProcess
GetVersion
GetProcAddress
WriteConsoleW
InterlockedIncrement
GradientFill
OleTranslateColor
VariantInit
PathGetArgsA
DrawEdge
GetMessageA
BeginPaint
SetRectEmpty
KillTimer
GetMonitorInfoA
DefWindowProcA
DispatchMessageA
EndPaint
IsRectEmpty
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
TranslateMessage
IsWindowEnabled
GetDC
ReleaseDC
ChildWindowFromPointEx
GetClientRect
CreateWindowExA
GetDlgItem
RegisterClassA
SetRect
InvalidateRect
GetWindowLongA
SetTimer
LoadCursorA
FillRect
CopyRect
GetSysColorBrush
LoadImageA
EnableWindow
PtInRect
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateFromHWND
GdipLoadImageFromFile
GdipDisposeImage
GdipDeleteGraphics
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
Number of PE resources by type
RT_BITMAP 2
Struct(28) 2
RT_VERSION 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.1.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 233472
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Malwarebytes Corporation. All rights reserved.
FileVersion 1.0.1.7
TimeStamp 2014:11:26 00:33:05+01:00
FileType Win32 EXE
PEType PE32
InternalName mbam.exe
FileAccessDate 2014:12:04 01:36:27+01:00
ProductVersion 1.0.1.7
FileDescription Malwarebytes Anti-Malware
OSVersion 5.1
FileCreateDate 2014:12:04 01:36:27+01:00
OriginalFilename mbam.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Malwarebytes Corporation
CodeSize 92160
ProductName Malwarebytes Anti-Malware
ProductVersionNumber 1.0.1.7
EntryPoint 0x7443
ObjectFileType Executable application

File identification
MD5 e44644a4d63cd5f53b5c5f10fbc50187
SHA1 7b3bc53a16df1b8bfcd0a3ecc3d232ca5bf3ca11
SHA256 db941ce54290a536912c02c8f1692256f9f1f7ab6ca8f6b1e162eb1d9a1e3b64
ssdeep 6144:/jIVpC4JcM4SuQreZcYzrFdGWD5nPVbKY82j8:OpC4JcTSfYlzreW5PQV

authentihash 3e1d1659a0eff3f60164859ad81bbd25e44b573f2ddd88ab529103c620cfc1e6
imphash 0c82616948be5d40ebb041f25c60c33a
File size 319.0 KB ( 326656 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2014-11-27 00:34:58 UTC ( 4 years, 3 months ago )
Last submission 2014-11-27 00:34:58 UTC ( 4 years, 3 months ago )
File names db941ce54290a536912c02c8f1692256f9f1f7ab6ca8f6b1e162eb1d9a1e3b64.exe
mbam.exe
7b3bc53a16df1b8bfcd0a3ecc3d232ca5bf3ca11
db941ce54290a536912c02c8f1692256f9f1f7ab6ca8f6b1e162eb1d9a1e3b64.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Searched windows
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.