SHA256: dff8765147caffa5f2cd5d13c7955a8db7fef0312f7203864ee6d837712a52c6
File name: enabler2.exe
Detection ratio: 0 / 57
Analysis date: 2015-02-22 17:45:27 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150222
AegisLab 20150222
Yandex 20150221
AhnLab-V3 20150222
Alibaba 20150219
ALYac 20150222
Antiy-AVL 20150222
Avast 20150222
AVG 20150222
Avira (no cloud) 20150222
AVware 20150222
Baidu-International 20150222
BitDefender 20150222
Bkav 20150213
ByteHero 20150222
CAT-QuickHeal 20150221
ClamAV 20150222
CMC 20150214
Comodo 20150222
Cyren 20150222
DrWeb 20150222
Emsisoft 20150222
ESET-NOD32 20150222
F-Prot 20150222
F-Secure 20150222
Fortinet 20150222
GData 20150222
Ikarus 20150222
Jiangmin 20150221
K7AntiVirus 20150222
K7GW 20150222
Kaspersky 20150222
Kingsoft 20150222
Malwarebytes 20150222
McAfee 20150222
McAfee-GW-Edition 20150221
Microsoft 20150222
eScan 20150222
NANO-Antivirus 20150222
Norman 20150222
nProtect 20150218
Panda 20150222
Qihoo-360 20150222
Rising 20150222
Sophos AV 20150222
SUPERAntiSpyware 20150222
Symantec 20150222
Tencent 20150222
TheHacker 20150222
TotalDefense 20150222
TrendMicro 20150222
TrendMicro-HouseCall 20150222
VBA32 20150220
VIPRE 20150222
ViRobot 20150222
Zillya 20150222
Zoner 20150220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2000-07-29 11:21:02
Entry Point 0x000011CB
Number of sections 6
PE sections
PE imports
sscanf
raise
signal
exit
sprintf
__GetMainArgs
strlen
SetROP2
RestoreDC
SelectObject
CreatePen
GetStockObject
SaveDC
DeleteObject
Rectangle
GetCommandLineA
GetCurrentThreadId
GetModuleHandleA
RtlUnwind
Sleep
SetFocus
GetMessageA
GetMessagePos
GetParent
PostQuitMessage
ShowWindow
MessageBeep
SetWindowPos
GetWindowThreadProcessId
GetSystemMetrics
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
SetCapture
ReleaseCapture
WindowFromPoint
GetClassNameA
GetWindowDC
SetWindowLongA
TranslateMessage
IsWindowEnabled
ChildWindowFromPoint
CheckDlgButton
ReleaseDC
SetWindowTextA
GetMenu
GetMenuItemRect
IsWindowVisible
SendMessageA
GetClientRect
GetDlgItem
DrawMenuBar
CreateDialogParamA
BringWindowToTop
EnableMenuItem
DeleteMenu
GetMenuItemCount
GetWindowLongA
LoadCursorA
LoadIconA
GetMenuStringA
IsDlgButtonChecked
GetSystemMenu
GetMenuItemInfoA
GetWindowTextA
SetCursor
IsDialogMessageA
DestroyWindow
Number of PE resources by type
RT_GROUP_CURSOR 2
RT_ICON 2
RT_CURSOR 2
RT_GROUP_ICON 2
RT_DIALOG 1
Number of PE resources by language
BULGARIAN DEFAULT 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2000:07:29 12:21:02+01:00
FileType Win32 EXE
PEType PE32
CodeSize 5632
LinkerVersion 1.3
EntryPoint 0x11cb
InitializedDataSize 7168
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 512
File identification
MD5 408369b6ee62b649cf5b9b62648427a7
SHA1 d48973ae38a56a5b9c9542ad8c70036f93f6a7e4
SHA256 dff8765147caffa5f2cd5d13c7955a8db7fef0312f7203864ee6d837712a52c6
ssdeep 192:ko87i+F/dWv+nPwt3IK7FKkNfLB6r0L4L8YrU1lYvTVZN:F87imK7FKkNTBG0L4L8YY1av1
authentihash 2552de0f0a69b770633797fbd557939ea54d750bc6e630cd18b302a7ca674802
imphash 4fe7d807bc9e0b2bcbc1695e871ffb9b
File size 13.5 KB ( 13856 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (49.4%)
Windows Screen Saver (23.4%)
Win32 Dynamic Link Library (generic) (11.7%)
Win32 Executable (generic) (8.0%)
Generic Win/DOS Executable (3.5%)
Tags peexe
VirusTotal metadata
First submission 2014-05-05 10:16:25 UTC ( 3 years, 7 months ago )
Last submission 2015-02-22 17:45:27 UTC ( 2 years, 9 months ago )
File names enabler2.exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua
Symantec reputation Suspicious.Insight