SHA256: e1bbb74b159a24f93c5c967033437c5943141387cc2e1c2c79156b75749b0e96
File name: KompasAV.exe
Detection ratio: 1 / 47
Analysis date: 2013-05-17 16:18:43 UTC ( 5 years, 11 months ago )
Antivirus Result Update
ESET-NOD32 probably unknown NewHeur_PE 20130517
Yandex 20130517
AhnLab-V3 20130517
AntiVir 20130517
Antiy-AVL 20130517
Avast 20130517
AVG 20130517
BitDefender 20130517
ByteHero 20130517
CAT-QuickHeal 20130516
ClamAV 20130517
Commtouch 20130517
Comodo 20130517
DrWeb 20130517
Emsisoft 20130517
eSafe 20130516
F-Prot 20130517
F-Secure 20130517
Fortinet 20130517
GData 20130517
Ikarus 20130517
Jiangmin 20130517
K7AntiVirus 20130517
K7GW 20130517
Kaspersky 20130517
Kingsoft 20130506
Malwarebytes 20130517
McAfee 20130517
McAfee-GW-Edition 20130517
Microsoft 20130517
eScan 20130517
NANO-Antivirus 20130517
Norman 20130517
nProtect 20130517
Panda 20130517
PCTools 20130517
Rising 20130517
Sophos AV 20130517
SUPERAntiSpyware 20130517
Symantec 20130517
TheHacker 20130516
TotalDefense 20130516
TrendMicro 20130517
TrendMicro-HouseCall 20130517
VBA32 20130517
VIPRE 20130517
ViRobot 20130517
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Publisher KompasAV
Version 1.0.0.0
File version 1.1.0.0
Description Kompas Antivirus
Packers identified
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-05-16 17:37:22
Entry Point 0x00F16450
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
URLDownloadToFileW
ImageList_Add
PrintDlgW
IsEqualGUID
VariantCopy
SHGetMalloc
VerQueryValueA
OpenPrinterW
Number of PE resources by type
RT_STRING 40
RT_BITMAP 21
RT_GROUP_CURSOR 8
RT_CURSOR 8
RT_RCDATA 5
RT_ICON 1
RT_MANIFEST 1
VCLSTYLE 1
TEXT 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 44
ENGLISH US 44
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 20480
ImageVersion 0.0
FileVersionNumber 1.1.0.0
UninitializedDataSize 12042240
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
LinkerVersion 2.25
MIMEType application/octet-stream
FileVersion 1.1.0.0
TimeStamp 2013:05:16 18:37:22+01:00
FileType Win32 EXE
PEType PE32
FileAccessDate 2013:05:17 17:18:53+01:00
ProductVersion 1.0.0.0
FileDescription Kompas Antivirus
OSVersion 5.0
FileCreateDate 2013:05:17 17:18:53+01:00
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName KompasAV
CodeSize 3776512
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0xf16450
ObjectFileType Executable application

File identification
MD5 c8ec7c24e31bddac632d6cdec23194cd
SHA1 3d2a52ceaf5b71157c86a953f4b1b8b098cffe3c
SHA256 e1bbb74b159a24f93c5c967033437c5943141387cc2e1c2c79156b75749b0e96
ssdeep 98304:HFcxpLy1P2+pJDfQtY/elgzZCrGVOzQhIe54LgnBbC880fTGuS6:W3aP2ADfQtCM3y/BDffS

File size 3.6 MB ( 3794432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (35.2%)
UPX compressed Win32 Executable (25.9%)
Win32 EXE Yoda's Crypter (22.5%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (5.5%)
Tags peexe upx

VirusTotal metadata
First submission 2013-05-17 16:18:43 UTC ( 5 years, 11 months ago )
Last submission 2013-05-17 16:18:43 UTC ( 5 years, 11 months ago )
File names KompasAV.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Deleted files
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications