SHA256: e44456b1db98178037b9009b12d2afdb84098ec8b574da6e0e59f67229c7e2ac
File name: 695d6fbd8ab789979a97fb886101c576_166c2d348e9c4654bf9d0e4bcd6dfd66...
Detection ratio: 1 / 56
Analysis date: 2015-10-15 08:55:29 UTC
Antivirus results (engine: result, signature update date)
ESET-NOD32: Win32/Spy.Shiz.NCT (20151015)
Ad-Aware: no detection (20151015)
AegisLab: no detection (20151015)
Yandex: no detection (20151014)
AhnLab-V3: no detection (20151015)
Alibaba: no detection (20151015)
ALYac: no detection (20151015)
Antiy-AVL: no detection (20151015)
Arcabit: no detection (20151015)
Avast: no detection (20151014)
AVG: no detection (20151015)
Avira (no cloud): no detection (20151015)
AVware: no detection (20151015)
Baidu-International: no detection (20151014)
BitDefender: no detection (20151015)
Bkav: no detection (20151014)
ByteHero: no detection (20151015)
CAT-QuickHeal: no detection (20151015)
ClamAV: no detection (20151015)
CMC: no detection (20151014)
Comodo: no detection (20151015)
Cyren: no detection (20151015)
DrWeb: no detection (20151015)
Emsisoft: no detection (20151015)
F-Prot: no detection (20151015)
F-Secure: no detection (20151015)
Fortinet: no detection (20151015)
GData: no detection (20151015)
Ikarus: no detection (20151015)
Jiangmin: no detection (20151014)
K7AntiVirus: no detection (20151015)
K7GW: no detection (20151015)
Kaspersky: no detection (20151015)
Kingsoft: no detection (20151015)
Malwarebytes: no detection (20151015)
McAfee: no detection (20151015)
McAfee-GW-Edition: no detection (20151015)
Microsoft: no detection (20151015)
eScan: no detection (20151015)
NANO-Antivirus: no detection (20151015)
nProtect: no detection (20151015)
Panda: no detection (20151015)
Qihoo-360: no detection (20151015)
Rising: no detection (20151014)
Sophos AV: no detection (20151015)
SUPERAntiSpyware: no detection (20151015)
Symantec: no detection (20151014)
Tencent: no detection (20151015)
TheHacker: no detection (20151012)
TrendMicro: no detection (20151015)
TrendMicro-HouseCall: no detection (20151015)
VBA32: no detection (20151014)
VIPRE: no detection (20151015)
ViRobot: no detection (20151015)
Zillya: no detection (20151014)
Zoner: no detection (20151015)
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine: Intel 386 or later processors and compatible processors
Compilation timestamp: 2009-03-20 06:43:57
Entry point: 0x00013F53
Number of sections: 4
PE sections
Overlays
MD5: 2ac2ce9c437b78420f76f962f6464a32
File type: data
Offset: 221184
Size: 366820
Entropy: 4.33
PE imports
RegDeleteKeyA
GetNumberOfEventLogRecords
RegDeleteKeyW
QueryServiceConfigA
RegQueryValueExA
OpenBackupEventLogW
RegCreateKeyW
OpenServiceW
ControlService
RegCreateKeyExA
UnlockServiceDatabase
RegQueryValueExW
EqualPrefixSid
CloseServiceHandle
OpenServiceA
LsaClose
QueryServiceStatus
RegConnectRegistryW
AreAnyAccessesGranted
RegisterEventSourceA
RegReplaceKeyW
RegOpenKeyW
RegOpenKeyExA
LsaSetInformationPolicy
RegConnectRegistryA
RegEnumKeyExW
LsaAddAccountRights
InitiateSystemShutdownW
RegLoadKeyW
RegRestoreKeyW
RegisterServiceCtrlHandlerA
EnumServicesStatusA
RegUnLoadKeyA
NotifyChangeEventLog
CreateServiceA
LogonUserA
RegUnLoadKeyW
BackupEventLogW
ChangeServiceConfigW
ReportEventA
RegNotifyChangeKeyValue
GetServiceDisplayNameW
Beep
EnumResourceLanguagesW
GetConsoleCP
__p__fmode
_inp
_acmdln
_heapset
_adjust_fdiv
_XcptFilter
__getmainargs
_initterm
_controlfp
__setusermatherr
__set_app_type
CreateWindowExA
ChangeDisplaySettingsW
GetMessagePos
GetClassInfoExW
GetClassWord
GetMessageA
SetPropA
LoadBitmapW
GetPriorityClipboardFormat
DdeInitializeA
DefMDIChildProcW
SetLastErrorEx
GetCapture
CheckRadioButton
EnableScrollBar
GetWindowTextW
DrawFocusRect
LoadBitmapA
ArrangeIconicWindows
GetMenuState
GetClipboardViewer
SetScrollPos
IsWindow
SendMessageW
UnregisterClassW
GetMessageTime
DispatchMessageA
FrameRect
SetDlgItemTextA
PostMessageA
ExcludeUpdateRgn
LoadMenuW
GrayStringA
GetNextDlgTabItem
LoadIconW
CharLowerW
DrawTextExA
SetCaretBlinkTime
DialogBoxParamA
GetDlgItemInt
SetDlgItemTextW
RegisterClassExA
DrawTextA
CharNextExA
RemovePropA
GetMenu
UnregisterClassA
GetLastActivePopup
DrawIconEx
ShowScrollBar
IsZoomed
OffsetRect
EmptyClipboard
IsWindowEnabled
SubtractRect
UnpackDDElParam
SetScrollRange
EnableMenuItem
RegisterClassA
InSendMessage
InvalidateRect
InsertMenuA
GetSubMenu
GetWindowTextLengthA
GetDCEx
CreateMDIWindowW
BlockInput
PostThreadMessageW
GetActiveWindow
SetRect
GetUpdateRgn
CharNextA
WaitForInputIdle
SetActiveWindow
GetDesktopWindow
CreateIconFromResource
IsRectEmpty
IsMenu
LoadStringW
LoadMenuIndirectW
CloseClipboard
GetKeyState
DefDlgProcA
CloseWindow
LoadCursorW
Number of PE resources by type
RT_STRING 313
RT_MENU 7
RT_ICON 5
RT_GROUP_ICON 5
RT_DIALOG 2
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
ENGLISH AUS 173
BULGARIAN DEFAULT 161
PE resources
ExifTool file metadata
SubsystemVersion: 4.0
LinkerVersion: 6.0
ImageVersion: 0.0
FileSubtype: 0
FileVersionNumber: 0.123.54.217
UninitializedDataSize: 0
LanguageCode: Neutral
FileFlagsMask: 0x003f
CharacterSet: Unicode
InitializedDataSize: 274432
EntryPoint: 0x13f53
OriginalFileName: Steamrollers.exe
MIMEType: application/octet-stream
LegalCopyright: Copyright 2012-2016
FileVersion: 237, 83, 251, 108
TimeStamp: 2009:03:20 07:43:57+01:00
FileType: Win32 EXE
PEType: PE32
ProductVersion: 165, 107, 4, 229
FileDescription: Tundra
OSVersion: 4.0
FileOS: Windows NT 32-bit
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
CompanyName: OpenSource Pegasus
CodeSize: 81920
ProductName: Timidity Rest
ProductVersionNumber: 0.163.214.84
FileTypeExtension: exe
ObjectFileType: Executable application
File identification
MD5: 695d6fbd8ab789979a97fb886101c576
SHA1: 63f9516ce3649bf2ac43687bfd87f1fcf5627b6f
SHA256: e44456b1db98178037b9009b12d2afdb84098ec8b574da6e0e59f67229c7e2ac
ssdeep: 12288:sEE/HBEfzFgASbPK8Pz2wnuSL9+3qrgcdc3YGlUeI:sEUH+Job/h5+3T0wLI
authentihash: 2a43a18497f99ca1cd732f4d2c4d34d4f7bb6a4202bad94a7f0222ee75761463
imphash: 166c2d348e9c4654bf9d0e4bcd6dfd66
File size: 574.2 KB (588004 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
  Win32 Dynamic Link Library (generic) (43.5%)
  Win32 Executable (generic) (29.8%)
  Generic Win/DOS Executable (13.2%)
  DOS Executable Generic (13.2%)
  Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags: peexe overlay

VirusTotal metadata
First submission: 2015-10-15 08:55:29 UTC
Last submission: 2015-10-16 07:36:00 UTC
File names: 695d6fbd8ab789979a97fb886101c576_166c2d348e9c4654bf9d0e4bcd6dfd66_695d6fbd8ab789979a97fb886101c576.kaf
Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: TROJ_GEN.R047C0DJM15.

Condensed report
The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened service managers
Opened services
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.