SHA256: ec48b28216e65ba2a4d7d35872810d346e0135c759fa7cb29c7f9a128f802393
File name: wtf1.exe
Detection ratio: 8 / 42
Analysis date: 2012-04-29 17:17:38 UTC ( 5 years, 3 months ago )
Antivirus Result Update
AVG Downloader.Agent2.BAZE 20120429
DrWeb BackDoor.Poison.11150 20120429
Emsisoft Trojan-Downloader.Agent!IK 20120429
Ikarus Trojan-Downloader.Agent 20120429
Jiangmin VirTool.MS04-028.vb 20120429
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20120429
nProtect Trojan/W32.Small.29184.QF 20120429
VBA32 TrojanDownloader.Agent.vdsq 20120428
AhnLab-V3 20120429
AntiVir 20120429
Antiy-AVL 20120429
Avast 20120429
BitDefender 20120429
ByteHero 20120424
CAT-QuickHeal 20120429
ClamAV 20120429
Commtouch 20120429
Comodo 20120429
eSafe 20120425
eTrust-Vet 20120427
F-Prot 20120429
F-Secure 20120429
Fortinet 20120429
GData 20120429
K7AntiVirus 20120427
Kaspersky 20120429
McAfee 20120429
Microsoft 20120429
NOD32 20120429
Norman 20120429
Panda 20120429
PCTools 20120424
Rising 20120428
Sophos AV 20120429
SUPERAntiSpyware 20120402
Symantec 20120429
TheHacker 20120428
TrendMicro 20120429
TrendMicro-HouseCall 20120429
VIPRE 20120429
ViRobot 20120429
VirusBuster 20120429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-29 17:17:21
Entry Point 0x00011109
Number of sections 7
PE sections
PE imports
HeapFree
lstrlenA
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
HeapSetInformation
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
MultiByteToWideChar
GetProcAddress
InterlockedCompareExchange
EncodePointer
GetProcessHeap
RaiseException
WideCharToMultiByte
GetModuleFileNameW
InterlockedExchange
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
DecodePointer
GetModuleHandleW
TerminateProcess
VirtualQuery
Sleep
HeapAlloc
GetCurrentThreadId
printf
__dllonexit
_controlfp_s
wcscpy_s
_invoke_watson
_fmode
_cexit
?terminate@@YAXXZ
_lock
_onexit
__initenv
exit
_XcptFilter
_commode
_CrtSetCheckCount
__setusermatherr
_initterm_e
_amsg_exit
_CrtDbgReportW
_unlock
_crt_debugger_hook
_configthreadlocale
_except_handler4_common
__getmainargs
_exit
_wmakepath_s
_CRT_RTC_INITW
_wsplitpath_s
_initterm
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2012:04:29 18:17:21+01:00
FileType Win32 EXE
PEType PE32
CodeSize 14336
LinkerVersion 10.0
EntryPoint 0x11109
InitializedDataSize 14848
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

File identification
MD5 0c70746f42fab14916783fda0f095348
SHA1 951e05659525218fa334ee50bfe503661f647c31
SHA256 ec48b28216e65ba2a4d7d35872810d346e0135c759fa7cb29c7f9a128f802393
ssdeep 384:Ci7dEDMZ9+7OogGaZAHT8LOeDrT19PJ1wUbJEL2E7VDB8:TpED2WHJsxCUsl5DB
authentihash 614dc69f96c3b7aae399d1373f73eb1eca1193f00106b729dad87ca1e69da234
imphash 319ba1cde07a0b4cf6b91d1d59c59bd0
File size 28.5 KB ( 29184 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.4%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe

VirusTotal metadata
First submission 2012-04-29 17:17:38 UTC ( 5 years, 3 months ago )
Last submission 2016-01-11 05:25:01 UTC ( 1 year, 7 months ago )
File names wtf1.exe
ec48b28216e65ba2a4d7d35872810d346e0135c759fa7cb29c7f9a128f802393.vir
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight