SHA256: e93030deb17e6b450e39c0516cefdcd6f0458982f0aa1cd9ef7a07bc97b5551d
File name: rrof.exe
Detection ratio: 0 / 43
Analysis date: 2011-01-13 13:10:40 UTC ( 4 years, 4 months ago )
Antivirus Result Update
AVG 20110113
AhnLab-V3 20110112
AntiVir 20110113
Antiy-AVL 20110113
Avast 20110113
Avast5 20110113
BitDefender 20110113
CAT-QuickHeal 20110113
ClamAV 20110113
Command 20110113
Comodo 20110113
DrWeb 20110113
Emsisoft 20110113
F-Prot 20110112
F-Secure 20110113
Fortinet 20110113
GData 20110113
Ikarus 20110113
Jiangmin 20110113
K7AntiVirus 20110112
Kaspersky 20110113
McAfee 20110113
McAfee-GW-Edition 20110113
Microsoft 20110113
NOD32 20110113
Norman 20110113
PCTools 20110113
Panda 20110112
Prevx 20110113
Rising 20110113
SUPERAntiSpyware 20110113
Sophos 20110113
Symantec 20110113
TheHacker 20110113
TrendMicro 20110113
TrendMicro-HouseCall 20110113
VBA32 20110113
VIPRE 20110113
ViRobot 20110113
VirusBuster 20110113
eSafe 20110112
eTrust-Vet 20110113
nProtect 20110113
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Number of sections 3
PE sections
PE imports
RegEnumKeyA
(1 more function(s) imported by ordinal)
SetBkMode
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
CoTaskMemFree
ShellExecuteA
VerQueryValueA
ExifTool file metadata
MIMEType: application/octet-stream
Subsystem: Windows GUI
MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 23:50:46+01:00
FileType: Win32 EXE
PEType: PE32
CodeSize: 20480
LinkerVersion: 6.0
EntryPoint: 0x2e210
InitializedDataSize: 4096
SubsystemVersion: 4.0
ImageVersion: 6.0
OSVersion: 4.0
UninitializedDataSize: 167936

File identification
MD5 8b9503431ef2126780ce83ca9790deab
SHA1 846e7c721f44471e297dae19d911d63a40d7944e
SHA256 e93030deb17e6b450e39c0516cefdcd6f0458982f0aa1cd9ef7a07bc97b5551d
ssdeep 384:uVGYMSd2tQYkaDW5JakpL/vww2g6f8+gtzDSHzruQuVhk74t:qJ4tQf6WvobgFvzmHvuNE74t

File size 20.0 KB ( 20523 bytes )
File type Win32 EXE
Magic literal

TrID UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
VirusTotal metadata
First submission 2011-01-13 13:10:40 UTC ( 4 years, 4 months ago )
Last submission 2011-01-13 13:10:40 UTC ( 4 years, 4 months ago )
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight