SHA256: e219db823bf51eb5ef70d64ebc6630c7ffe691b4693f31c980f670c35d8b0af9
File name: RamDDumper.exe.ViR
Detection ratio: 0 / 41
Analysis date: 2012-07-11 19:47:17 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AhnLab-V3 20120711
AntiVir 20120711
Antiy-AVL 20120711
Avast 20120711
AVG 20120711
BitDefender 20120711
ByteHero 20120704
CAT-QuickHeal 20120711
Commtouch 20120711
Comodo 20120711
DrWeb 20120711
Emsisoft 20120711
eSafe 20120710
F-Prot 20120711
F-Secure 20120711
Fortinet 20120711
GData 20120711
Ikarus 20120711
Jiangmin 20120711
K7AntiVirus 20120711
Kaspersky 20120711
McAfee 20120711
McAfee-GW-Edition 20120711
Microsoft 20120711
NOD32 20120711
Norman 20120711
nProtect 20120711
Panda 20120711
PCTools 20120711
Rising 20120711
Sophos AV 20120711
SUPERAntiSpyware 20120711
Symantec 20120711
TheHacker 20120711
TotalDefense 20120710
TrendMicro 20120711
TrendMicro-HouseCall 20120711
VBA32 20120711
VIPRE 20120711
ViRobot 20120711
VirusBuster 20120711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-05-27 14:31:56
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
CreateToolhelp32Snapshot
SetThreadLocale
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
SetHandleCount
GetSystemInfo
GetFileAttributesA
WaitForSingleObject
GetExitCodeProcess
LCMapStringA
ExitProcess
TlsAlloc
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
GetStartupInfoA
GetEnvironmentStrings
GetLocaleInfoA
OpenProcess
UnhandledExceptionFilter
SetFilePointer
GetCurrentDirectoryA
Module32First
MultiByteToWideChar
GetShortPathNameA
GetLogicalDrives
ReadProcessMemory
GetCommandLineA
GetProcAddress
TlsFree
GetProcessHeap
GetSystemDefaultLangID
RaiseException
GetCPInfo
GetStringTypeA
GetModuleHandleA
ReadFile
WriteFile
TlsSetValue
CloseHandle
IsValidLocale
GetACP
GetStringTypeW
GetUserDefaultLCID
GetFullPathNameA
GetDriveTypeA
GlobalMemoryStatus
CreateProcessA
GetTimeZoneInformation
WideCharToMultiByte
GetVersion
SetLastError
VirtualFree
VirtualQueryEx
TlsGetValue
GetFileType
SetConsoleCtrlHandler
CreateFileA
HeapAlloc
GetCurrentThreadId
VirtualAlloc
GetOEMCP
LeaveCriticalSection
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
wsprintfA
MessageBoxA
EnumThreadWindows
PE exports
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:05:27 15:31:56+01:00
FileType Win32 EXE
PEType PE32
CodeSize 73728
LinkerVersion 5.0
FileTypeExtension exe
InitializedDataSize 118784
SubsystemVersion 4.0
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 3dd47d9ead4dad89b0b30423e6ad9e70
SHA1 e7b8a70ef8e45fd3a4fa412850b59032c0468318
SHA256 e219db823bf51eb5ef70d64ebc6630c7ffe691b4693f31c980f670c35d8b0af9
ssdeep 1536:aB/Q7lqqCxvGqIHgXxOhSxBC66UGJ77c/gOWfMmiDLP5TxJb1SZAMGsGM2r1B:aB/Q4uq4c6U4w8iDLBTIIr
authentihash 56b43050af23f187f224ce398ad4a468f09bb2641c45d38d6f69c7b1348fa171
imphash dff0521d0b88ea29a9c54351c3d12908
File size 192.5 KB ( 197120 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Dynamic Link Library - Borland C/C++ (88.6%)
DOS Executable Borland C++ (5.2%)
Win32 Dynamic Link Library (generic) (2.6%)
Win32 Executable (generic) (1.8%)
Generic Win/DOS Executable (0.8%)
Tags peexe
VirusTotal metadata
First submission 2011-03-03 19:55:45 UTC ( 8 years ago )
Last submission 2016-08-17 12:56:30 UTC ( 2 years, 7 months ago )
File names vti-rescan
1342124453.RamDDumper.exe.ViR
RamDDumper.exe.ViR
RamDDumper.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight