SHA256: e754eaeafb23b3eb4f5df9fbe5672b5b59cde631b9aab9833f8b97103a3331f9
File name: coo1_program.exe
Detection ratio: 3 / 48
Analysis date: 2013-10-11 14:21:49 UTC ( 6 months, 1 week ago )
Antivirus Result Update
Bkav HW32.TsCabk.tueu 20131010
Ikarus Trojan.Agent4 20131011
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20131011
AVG 20131011
Agnitum 20131010
AhnLab-V3 20131011
AntiVir 20131011
Antiy-AVL 20131011
Avast 20131011
Baidu-International 20131011
BitDefender 20131011
ByteHero 20130920
CAT-QuickHeal 20131011
ClamAV 20131011
Commtouch 20131011
Comodo 20131011
DrWeb 20131011
ESET-NOD32 20131011
Emsisoft 20131011
F-Prot 20131011
F-Secure 20131011
Fortinet 20131011
GData 20131011
Jiangmin 20130903
K7AntiVirus 20131010
K7GW 20131010
Kaspersky 20131011
Kingsoft 20130829
Malwarebytes 20131011
McAfee 20131011
MicroWorld-eScan 20131011
Microsoft 20131011
NANO-Antivirus 20131011
Norman 20131011
PCTools 20131002
Panda 20131011
Rising 20131011
SUPERAntiSpyware 20131011
Sophos 20131011
Symantec 20131011
TheHacker 20131010
TotalDefense 20131010
TrendMicro 20131011
TrendMicro-HouseCall 20131011
VBA32 20131011
VIPRE 20131011
ViRobot 20131011
nProtect 20131011
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-11 05:32:13
Link date 6:32 AM 10/11/2013
Entry Point 0x00001280
Number of sections 16
PE sections
PE imports
GetLastError
AddAtomA
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
ExitProcess
TlsAlloc
VirtualProtect
DeleteCriticalSection
GetAtomNameA
CreateSemaphoreA
TlsGetValue
MultiByteToWideChar
GetProcAddress
CreateMutexA
IsDBCSLeadByteEx
ReleaseSemaphore
WideCharToMultiByte
TlsFree
GetModuleHandleA
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
InitializeCriticalSection
VirtualQuery
FindAtomA
InterlockedDecrement
Sleep
TlsSetValue
GetCurrentThreadId
InterlockedIncrement
SetLastError
LeaveCriticalSection
__p__fmode
malloc
getc
__p__environ
realloc
fread
fclose
wcsftime
wcsxfrm
atexit
abort
_setmode
getwc
fflush
fopen
strlen
towupper
_cexit
fputc
iswctype
_errno
strtod
fwrite
fgetpos
strftime
_onexit
wcslen
fputs
sprintf
putc
memcmp
ungetwc
fsetpos
towlower
strchr
strxfrm
_fdopen
wcscoll
free
getenv
setlocale
signal
atoi
_fstati64
__getmainargs
calloc
_write
strcoll
memcpy
_lseeki64
memmove
_read
strerror
strcmp
_filelengthi64
setvbuf
__mb_cur_max
ungetc
putwc
__set_app_type
vfprintf
localeconv
memchr
_iob
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:10:11 06:32:13+01:00
FileType Win32 EXE
PEType PE32
CodeSize 439808
LinkerVersion 2.22
EntryPoint 0x1280
InitializedDataSize 478208
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 27648

File identification
MD5 8fa2d3222b1676d4de1ab2822a45c84b
SHA1 32146e378e48711cde85d8e9f60c8111c796364e
SHA256 e754eaeafb23b3eb4f5df9fbe5672b5b59cde631b9aab9833f8b97103a3331f9
ssdeep 12288:7EGIMidVocMMzfHpexsc+x6mJA5xYh8P+6jBWNzfc8EccN4rxZdvEzjozc4IVY3k:71IMibocMMzfHpexsc8ygv530

File size 935.8 KB ( 958281 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.7%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2013-10-11 14:21:49 UTC ( 6 months, 1 week ago )
Last submission 2013-10-11 14:21:49 UTC ( 6 months, 1 week ago )
File names coo1_program.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Created mutexes