SHA256: ea0a1b89260052658dad8f41c4b441429cfadd64d0153a25a3d06e6d1e377827
File name: Test.exe
Detection ratio: 14 / 42
Analysis date: 2012-06-17 06:01:01 UTC ( 6 years, 10 months ago )
| Antivirus | Result | Update |
|---|---|---|
| BitDefender | Gen:Variant.Graftor.25107 | 20120617 |
| Emsisoft | Trojan.Crypt!IK | 20120617 |
| F-Secure | Gen:Variant.Graftor.25107 | 20120617 |
| GData | Gen:Variant.Graftor.25107 | 20120617 |
| Ikarus | Trojan.Crypt | 20120617 |
| Jiangmin | Trojan/KillFiles.bdm | 20120617 |
| McAfee-GW-Edition | Heuristic.LooksLike.Win32.Suspicious.C!81 | 20120616 |
| nProtect | Trojan/W32.Small.25600.SX | 20120616 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 20120617 |
| TheHacker | Trojan/Dropper.Mudrop.snj | 20120616 |
| TrendMicro | PAK_Generic.001 | 20120617 |
| TrendMicro-HouseCall | PAK_Generic.001 | 20120616 |
| VBA32 | TrojanDropper.Mudrop.sse | 20120615 |
| VirusBuster | Packed/MPress | 20120615 |
| AhnLab-V3 | | 20120616 |
| AntiVir | | 20120616 |
| Antiy-AVL | | 20120617 |
| Avast | | 20120616 |
| AVG | | 20120616 |
| ByteHero | | 20120613 |
| CAT-QuickHeal | | 20120616 |
| ClamAV | | 20120617 |
| Commtouch | | 20120616 |
| Comodo | | 20120617 |
| DrWeb | | 20120617 |
| eSafe | | 20120614 |
| F-Prot | | 20120616 |
| Fortinet | | 20120617 |
| K7AntiVirus | | 20120615 |
| Kaspersky | | 20120617 |
| McAfee | | 20120617 |
| Microsoft | | 20120617 |
| NOD32 | | 20120616 |
| Norman | | 20120616 |
| Panda | | 20120616 |
| PCTools | | 20120617 |
| Rising | | 20120614 |
| Sophos AV | | 20120617 |
| Symantec | | 20120617 |
| TotalDefense | | 20120615 |
| VIPRE | | 20120617 |
| ViRobot | | 20120616 |
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-25 13:17:51
Entry Point 0x0000E1E7
Number of sections 3
PE sections
PE imports
InitCommonControls
BitBlt
GetProcAddress
GetModuleHandleA
CoInitialize
ShellExecuteExA
PathQuoteSpacesA
IsChild
Number of PE resources by type
RT_RCDATA 3
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 4
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2011:03:25 14:17:51+01:00
FileType Win32 EXE
PEType PE32
CodeSize 33792
LinkerVersion 2.5
EntryPoint 0xe1e7
InitializedDataSize 7680
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 f453f7ad90d61428b3709eb763b30ccc
SHA1 e8b9be6e44fb9fb208b3074eb891d3d8395c40a2
SHA256 ea0a1b89260052658dad8f41c4b441429cfadd64d0153a25a3d06e6d1e377827
ssdeep 768:ehHKmM0qauedFQFtxTXKXAx6ZQgZOgRTJe7DLO:e4mMyTcTXfxhgZzTuO
authentihash 57647a4d37f7767a09d3b12ecbf5f413c4d27dff526d9ef3f5772e1d8dc728d5
imphash 691f1193f16065947032ace3a2329e55
File size 25.0 KB ( 25600 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe

VirusTotal metadata
First submission 2012-06-17 06:01:01 UTC ( 6 years, 10 months ago )
Last submission 2016-04-18 16:17:52 UTC ( 3 years ago )
File names ea0a1b89260052658dad8f41c4b441429cfadd64d0153a25a3d06e6d1e377827.vir
Test.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0113.

Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Written files
Deleted files
Created processes
Opened mutexes
Runtime DLLs
UDP communications