× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e9fa4ad461668ef8b4855b79885c7eaaa73988e1838a094f734951922e6dc49c
File name: proxy_v29.exe
Detection ratio: 2 / 55
Analysis date: 2015-06-29 13:22:56 UTC ( 2 years, 4 months ago ) View latest
Antivirus Result Update
Bkav HW32.Packed.6753 20150629
Tencent Win32.Trojan.Inject.Auto 20150629
Ad-Aware 20150629
AegisLab 20150629
Yandex 20150628
AhnLab-V3 20150629
Alibaba 20150629
ALYac 20150629
Antiy-AVL 20150629
Arcabit 20150629
Avast 20150629
AVG 20150629
Avira (no cloud) 20150629
AVware 20150629
Baidu-International 20150629
BitDefender 20150629
ByteHero 20150629
CAT-QuickHeal 20150629
ClamAV 20150629
Comodo 20150629
Cyren 20150629
DrWeb 20150629
Emsisoft 20150629
ESET-NOD32 20150629
F-Prot 20150629
F-Secure 20150629
Fortinet 20150629
GData 20150629
Ikarus 20150629
Jiangmin 20150626
K7AntiVirus 20150629
K7GW 20150629
Kaspersky 20150629
Kingsoft 20150629
Malwarebytes 20150629
McAfee 20150629
McAfee-GW-Edition 20150629
Microsoft 20150629
eScan 20150629
NANO-Antivirus 20150629
nProtect 20150629
Panda 20150629
Qihoo-360 20150629
Rising 20150628
Sophos AV 20150629
SUPERAntiSpyware 20150629
Symantec 20150629
TheHacker 20150626
TrendMicro 20150629
TrendMicro-HouseCall 20150629
VBA32 20150629
VIPRE 20150629
ViRobot 20150629
Zillya 20150629
Zoner 20150629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-21 20:32:48
Entry Point 0x0006D000
Number of sections 6
PE sections
PE imports
GetModuleHandleA
ExitProcess
GetCommandLineW
GetMessageA
CreateWindowExA
DispatchMessageA
TranslateMessage
DefWindowProcA
RegisterClassExA
Number of PE resources by type
RT_BITMAP 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2004:11:21 21:32:48+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
440320

LinkerVersion
1.71

FileTypeExtension
exe

InitializedDataSize
436224

SubsystemVersion
4.0

EntryPoint
0x6d000

OSVersion
1.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 4009cd042071c81ce9c1aaa13ac046f2
SHA1 0f1bdea84a7686c8e81f828056b841be17b6714c
SHA256 e9fa4ad461668ef8b4855b79885c7eaaa73988e1838a094f734951922e6dc49c
ssdeep
12288:/qwp+HxvWzCY3T7pXgYxcLfILmZy5CA6VpPRy4ton:NEYCY3Thg+MgLWUCA6Jyk

authentihash 56e019bf72c4863d616daa06cd58a802443a76277dfb6c038a3490b1ed4d348c
imphash e3573fd5e5ee5f2485cdd850a7292e55
File size 436.0 KB ( 446464 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (42.4%)
Win16/32 Executable Delphi generic (19.5%)
Generic Win/DOS Executable (18.8%)
DOS Executable Generic (18.8%)
VXD Driver (0.2%)
Tags
peexe

VirusTotal metadata
First submission 2015-06-29 11:22:09 UTC ( 2 years, 4 months ago )
Last submission 2015-07-13 19:50:11 UTC ( 2 years, 4 months ago )
File names uWKEWnJW.rtf
E9FA4AD461668EF8B4855B79885C7EAAA73988E1838A094F734951922E6DC49C.EXE
e9fa4ad461668ef8b4855b79885c7eaaa73988e1838a094f734951922e6dc49c.log
Fvngc.tar.bz2
proxy_v29.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!