SHA256: ea3e09de0ec1ccd3aacbfb60fe8788ca78be1b0570793e474ff9bbfacacbdce4
File name: dnsmgr.exe.ViR
Detection ratio: 9 / 42
Analysis date: 2012-07-11 19:38:12 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AntiVir TR/Agent.KDJ 20120711
Comodo UnclassifiedMalware 20120711
K7AntiVirus Trojan 20120711
McAfee Artemis!3004CE6CB7C4 20120711
McAfee-GW-Edition Artemis!3004CE6CB7C4 20120711
Norman W32/Suspicious_Gen2.SCTC 20120711
Sophos AV Troj/Agent-KDH 20120711
TrendMicro-HouseCall TROJ_GEN.R99B1CI 20120711
VIPRE Trojan.Win32.Generic!BT 20120711
AhnLab-V3 20120711
Antiy-AVL 20120711
Avast 20120711
AVG 20120711
BitDefender 20120711
ByteHero 20120704
CAT-QuickHeal 20120711
ClamAV 20120711
Commtouch 20120711
DrWeb 20120711
Emsisoft 20120711
eSafe 20120710
F-Prot 20120711
F-Secure 20120711
Fortinet 20120711
GData 20120711
Ikarus 20120711
Jiangmin 20120711
Kaspersky 20120711
Microsoft 20120711
NOD32 20120711
nProtect 20120711
Panda 20120711
PCTools 20120711
Rising 20120711
SUPERAntiSpyware 20120711
Symantec 20120711
TheHacker 20120711
TotalDefense 20120710
TrendMicro 20120711
VBA32 20120711
ViRobot 20120711
VirusBuster 20120711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Product
Original name
Internal name
File version 1.0.0.0
Description
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2007-08-24 14:03:59
Entry Point 0x00001DF6
Number of sections 4
PE sections
Overlays
MD5 d7d8d1f813bad89d5e94d8c8818a8b88
File type data
Offset 20480
Size 1141654
Entropy 7.31
PE imports
GetLastError
LoadLibraryA
FreeLibrary
GetConsoleTitleA
GetVersionExA
GetModuleFileNameA
GetProcAddress
SetLastError
__p__fmode
malloc
sscanf
memset
strcat
_lseek
printf
fflush
_rmdir
strlen
strncpy
_except_handler3
_errno
_open
_getpid
exit
sprintf
memcmp
__setusermatherr
__p__commode
_close
_XcptFilter
_adjust_fdiv
free
getenv
atol
__getmainargs
calloc
_write
__p___initenv
_exit
_stat
strstr
_read
remove
strcpy
_mkdir
_initterm
_controlfp
__set_app_type
vsprintf
strcmp
_iob
MessageBoxA
Number of PE resources by type
RT_ICON 2
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 0.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Windows, Latin1
InitializedDataSize 12288
EntryPoint 0x1df6
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2007:08:24 15:03:59+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 4096
FileSubtype 0
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
Compressed bundles
File identification
MD5 3004ce6cb7c44605cdf971b74db3a079
SHA1 f023b5f5cd8b85b266d0a0ad416136fda27577ef
SHA256 ea3e09de0ec1ccd3aacbfb60fe8788ca78be1b0570793e474ff9bbfacacbdce4
ssdeep 24576:cOJnjLzjdZm5TXlTJFjOET3aZ+lDOS66wG3abCeqsNtb+2oQf:v81bp3o6FPeq8b+g

authentihash 5108ae99daddb7ebbddc4d0a9b7d3d56a857c016e955081cf7b0dc452430757e
imphash 3201205a56a30111410d37d9c12832b7
File size 1.1 MB ( 1162134 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (32.2%)
UPX compressed Win32 Executable (31.5%)
Win32 EXE Yoda's Crypter (27.4%)
Win32 Executable (generic) (4.6%)
Generic Win/DOS Executable (2.0%)
Tags peexe armadillo overlay

VirusTotal metadata
First submission 2008-07-31 20:03:37 UTC ( 10 years, 7 months ago )
Last submission 2016-08-17 18:17:11 UTC ( 2 years, 7 months ago )
File names 3004ce6cb7c44605cdf971b74db3a079.exe
SKEaoffPC.cpl
aa
cZEEYY.png
dnsmgr.exe.ViR
dnsmgr.exe
virussign.com_3004ce6cb7c44605cdf971b74db3a079.exe
1342124245.dnsmgr.exe.ViR
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight