SHA256: e84e3258ffdf26a4acd862de17268f6214420a5e53ada17e839ebc78292cc988
File name: 2.exe
Detection ratio: 45 / 51
Analysis date: 2014-06-09 19:41:18 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Ad-Aware Adware.Generic.600435 20140609
Yandex Adware.AdMedia!UxIhFTJ6nyM 20140608
AhnLab-V3 Dropper/Cinmus.161742 20140609
AntiVir ADSPY/AdMedia.ED.726 20140609
Antiy-AVL Spyware[AdWare:not-a-virus]/Win32.Cinmus 20140609
Avast NSIS:Cinmus [Adw] 20140609
AVG Generic4.KXG 20140609
Baidu-International AdWare.Win32.AdMedia.AFZI 20140609
BitDefender Adware.Generic.600435 20140609
Bkav W32.OgameSysA.Worm 20140606
CAT-QuickHeal Trojan.Agent.WD.cw5 20140609
ClamAV Trojan.Dropper-1805 20140609
CMC AdWare.Win32.AdMedia!O 20140609
Commtouch W32/Adrisk.VOFQ-2241 20140609
Comodo UnclassifiedMalware 20140609
DrWeb Adware.Dodoor.344 20140609
Emsisoft Adware.Generic.600435 (B) 20140609
F-Prot W32/Adrisk.IBP 20140609
F-Secure Adware:W32/Cinmus 20140609
Fortinet W32/BHO.BUZ!tr 20140609
GData Adware.Generic.600435 20140609
Ikarus not-a-virus:AdWare.Win32.Cinmus 20140609
Jiangmin Adware/AdMedia.dt 20140609
K7AntiVirus Adware ( 000000721 ) 20140609
K7GW Adware ( 000000721 ) 20140609
Kaspersky not-a-virus:AdWare.Win32.AdMedia.ed 20140609
Kingsoft Win32.Adware.CinmusT.yy.(kcloud) 20140609
Malwarebytes Adware.Cinmus 20140609
McAfee Adware-Cinmus!j 20140609
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious-PKR.G 20140609
Microsoft Trojan:Win32/Cinmeng.D 20140609
eScan Adware.Generic.600435 20140609
NANO-Antivirus Riskware.Win32.Cinmus.bydqx 20140609
nProtect Trojan-Clicker/W32.AdMedia.161742 20140609
Panda Adware/Cinmus 20140609
Qihoo-360 Trojan.Generic 20140609
Rising PE:AdWare.Win32.Cinmus.ciy!1075264201 20140609
Sophos AV Troj/BHO-KH 20140609
SUPERAntiSpyware Trojan.Agent/Gen-Cinmus 20140609
Symantec Adware.Gen 20140609
Tencent Win32.Risk.Adspy.Wvko 20140609
TheHacker Trojan/Dropper.StartPage.bho 20140609
VBA32 AdWare.Cinmus 20140609
VIPRE AdWare.Win32.Cinmus.gen (fs) 20140609
ViRobot Adware.AdMedia.161742 20140609
AegisLab 20140609
ByteHero 20140609
Norman 20140609
TotalDefense 20140609
TrendMicro 20140609
TrendMicro-HouseCall 20140609
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-01-26 09:43:36
Entry Point 0x000037F0
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
GetObjectA
GetCurrentObject
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
LoadLibraryA
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
GetTickCount
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
ExitProcess
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
MapWindowPoints
EmptyClipboard
GetMessagePos
CharPrevA
EndDialog
BeginPaint
FindWindowExA
DefWindowProcA
PostQuitMessage
ScreenToClient
CreatePopupMenu
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
EnableWindow
SetDlgItemTextA
CallWindowProcA
GetDlgItemTextA
MessageBoxA
PeekMessageA
SetWindowLongA
wvsprintfA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
GetAsyncKeyState
SystemParametersInfoA
GetClassInfoA
DrawFocusRect
ShowWindow
SetClipboardData
PtInRect
IsWindowVisible
SendMessageA
DialogBoxParamA
GetClientRect
SetTimer
GetDlgItem
SetForegroundWindow
CreateDialogParamA
SetCursor
DrawTextA
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SetWindowTextA
FillRect
IsDlgButtonChecked
CharNextA
LoadImageA
wsprintfA
EndPaint
CloseClipboard
DestroyWindow
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_ICON 7
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 9
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:01:26 10:43:36+01:00
FileType Win32 EXE
PEType PE32
CodeSize 26112
LinkerVersion 6.0
FileAccessDate 2014:06:09 20:41:28+01:00
EntryPoint 0x37f0
InitializedDataSize 307200
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:06:09 20:41:28+01:00
UninitializedDataSize 8192

File identification
MD5 ddb60e096955d4729ddc830dd0c0e9a2
SHA1 dc45c99c74c4c80ca12bdff3f6d978be82e0cd6e
SHA256 e84e3258ffdf26a4acd862de17268f6214420a5e53ada17e839ebc78292cc988
ssdeep 3072:6z0WmlPw1F4lPJBZIAKck7mtwDW3gEdHseCcPU7IxML2uNKc0zxze+WR80z7dd8p:M2FwvQWAK4wUgEdnCloMx6zxzeAsE5D
imphash 42134c4fb1b2d3cf6b447e018a5de700
File size 158.0 KB ( 161742 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2009-08-27 19:26:30 UTC ( 9 years, 8 months ago )
Last submission 2014-06-09 19:41:18 UTC ( 4 years, 11 months ago )
File names XN_tooMhQJ.dotm
aa
2.exe
DDB60E096955D4729DDC830DD0C0E9A2