SHA256: e625fdb49695886ee2781d6e2c3755f7fc8c9c56ca208bdd14e51f11466abe10
File name: a5ceb22a98fc8440fc80a1a693b10d63
Detection ratio: 1 / 43
Analysis date: 2012-03-14 20:19:23 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Sophos AV Troj/Agent-VHA 20120314
AhnLab-V3 20120314
AntiVir 20120314
Antiy-AVL 20120314
Avast 20120314
AVG 20120314
BitDefender 20120314
ByteHero 20120314
CAT-QuickHeal 20120314
ClamAV 20120314
Commtouch 20120314
Comodo 20120313
DrWeb 20120314
Emsisoft 20120313
eSafe 20120313
eTrust-Vet 20120314
F-Prot 20120314
F-Secure 20120314
Fortinet 20120314
GData 20120314
Ikarus 20120314
Jiangmin 20120301
K7AntiVirus 20120313
Kaspersky 20120314
McAfee 20120313
McAfee-GW-Edition 20120314
Microsoft 20120314
NOD32 20120314
Norman 20120313
nProtect 20120313
Panda 20120314
PCTools 20120313
Prevx 20120314
Rising 20120314
SUPERAntiSpyware 20120314
Symantec 20120313
TheHacker 20120313
TrendMicro 20120314
TrendMicro-HouseCall 20120313
VBA32 20120314
VIPRE 20120314
ViRobot 20120314
VirusBuster 20120314
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1970-01-01 03:10:27
Entry Point 0x00001130
Number of sections 4
PE sections
PE imports
GetLastError
GetStartupInfoA
GetModuleHandleA
HeapCreate
HeapAlloc
SetLastError
_except_handler3
__p__fmode
_adjust_fdiv
_acmdln
_exit
__p__commode
__setusermatherr
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
memcpy
__set_app_type
Number of PE resources by type
RT_DIALOG 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 1970:01:01 04:10:27+01:00
FileType Win32 EXE
PEType PE32
CodeSize 10752
LinkerVersion 6.0
EntryPoint 0x1130
InitializedDataSize 512
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 1.0
UninitializedDataSize 0

File identification
MD5 a5ceb22a98fc8440fc80a1a693b10d63
SHA1 e53a8bb462743c3f00b7a437bdec428e2d6d7512
SHA256 e625fdb49695886ee2781d6e2c3755f7fc8c9c56ca208bdd14e51f11466abe10
ssdeep 384:TVdHlElW/hqPH7LVo8NWeGFNPti5mwqSz24PE+t5I66ai2HD:TjOlssC8keGzM3qYIOi2
authentihash 9c6cfc2a9dd90f79d91d15ec9a41a38e606cb6f6a64ecfeb69cf69fed87a44d6
imphash d59455e99250ae657e8f3535458c7526
File size 32.5 KB ( 33280 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo

VirusTotal metadata
First submission 2012-03-14 11:03:26 UTC ( 5 years, 6 months ago )
Last submission 2015-06-12 09:39:12 UTC ( 2 years, 3 months ago )
File names e625fdb49695886ee2781d6e2c3755f7fc8c9c56ca208bdd14e51f11466abe10.log
004304675
files_load2.exe
smona_e625fdb49695886ee2781d6e2c3755f7fc8c9c56ca208bdd14e51f11466abe10.bin
file-3669269_exe
425D6985008561FF8231001C24556E00B7024754.exe
a5ceb22a98fc8440fc80a1a693b10d63
unknown.bin
C1D360.exe
B87963.exe
load2.exe
1D32D6.exe
server_privileges.exe
e4a8aa.exe