SHA256: e93030deb17e6b450e39c0516cefdcd6f0458982f0aa1cd9ef7a07bc97b5551d
File name: rrof.exe
Detection ratio: 0 / 43
Analysis date: 2011-01-13 13:10:40 UTC ( 3 years, 6 months ago )
Antivirus Result Update
AVG 20110113
AhnLab-V3 20110112
AntiVir 20110113
Antiy-AVL 20110113
Avast 20110113
Avast5 20110113
BitDefender 20110113
CAT-QuickHeal 20110113
ClamAV 20110113
Command 20110113
Comodo 20110113
DrWeb 20110113
Emsisoft 20110113
F-Prot 20110112
F-Secure 20110113
Fortinet 20110113
GData 20110113
Ikarus 20110113
Jiangmin 20110113
K7AntiVirus 20110112
Kaspersky 20110113
McAfee 20110113
McAfee-GW-Edition 20110113
Microsoft 20110113
NOD32 20110113
Norman 20110113
PCTools 20110113
Panda 20110112
Prevx 20110113
Rising 20110113
SUPERAntiSpyware 20110113
Sophos 20110113
Symantec 20110113
TheHacker 20110113
TrendMicro 20110113
TrendMicro-HouseCall 20110113
VBA32 20110113
VIPRE 20110113
ViRobot 20110113
VirusBuster 20110113
eSafe 20110112
eTrust-Vet 20110113
nProtect 20110113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Number of sections 3
PE sections
PE imports
RegEnumKeyA
1 more function(s) imported by ordinal)
SetBkMode
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
CoTaskMemFree
ShellExecuteA
VerQueryValueA
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2009:12:05 23:50:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
EntryPoint 0x2e210
InitializedDataSize 4096
SubsystemVersion 4.0
ImageVersion 6.0
OSVersion 4.0
UninitializedDataSize 167936
File identification
MD5 8b9503431ef2126780ce83ca9790deab
SHA1 846e7c721f44471e297dae19d911d63a40d7944e
SHA256 e93030deb17e6b450e39c0516cefdcd6f0458982f0aa1cd9ef7a07bc97b5551d
ssdeep 384:uVGYMSd2tQYkaDW5JakpL/vww2g6f8+gtzDSHzruQuVhk74t:qJ4tQf6WvobgFvzmHvuNE74t

File size 20.0 KB ( 20523 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
VirusTotal metadata
First submission 2011-01-13 13:10:40 UTC ( 3 years, 6 months ago )
Last submission 2011-01-13 13:10:40 UTC ( 3 years, 6 months ago )
File names
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight