SHA256: ec8307ab5c4a9c5b7dcf2a2ff6190b123e2905844245044bcc54ef4d862d5e70
File name: deczip
Detection ratio: 0 / 65
Analysis date: 2017-07-15 21:45:07 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Ad-Aware 20170715
AegisLab 20170715
AhnLab-V3 20170715
Alibaba 20170714
ALYac 20170715
Antiy-AVL 20170715
Arcabit 20170715
Avast 20170715
AVG 20170715
Avira (no cloud) 20170715
AVware 20170715
Baidu 20170714
BitDefender 20170715
Bkav 20170715
CAT-QuickHeal 20170715
ClamAV 20170715
CMC 20170714
Comodo 20170715
CrowdStrike Falcon (ML) 20170710
Cylance 20170715
Cyren 20170715
DrWeb 20170715
Emsisoft 20170715
Endgame 20170713
ESET-NOD32 20170715
F-Prot 20170715
F-Secure 20170715
Fortinet 20170629
GData 20170715
Ikarus 20170715
Sophos ML 20170607
Jiangmin 20170715
K7AntiVirus 20170714
K7GW 20170715
Kaspersky 20170715
Kingsoft 20170715
Malwarebytes 20170715
MAX 20170715
McAfee 20170715
McAfee-GW-Edition 20170715
Microsoft 20170715
eScan 20170715
NANO-Antivirus 20170715
nProtect 20170715
Palo Alto Networks (Known Signatures) 20170715
Panda 20170715
Qihoo-360 20170715
Rising 20170715
SentinelOne (Static ML) 20170516
Sophos AV 20170715
SUPERAntiSpyware 20170715
Symantec 20170715
Symantec Mobile Insight 20170713
Tencent 20170715
TheHacker 20170712
TotalDefense 20170715
TrendMicro 20170715
TrendMicro-HouseCall 20170715
Trustlook 20170715
VBA32 20170714
VIPRE 20170715
ViRobot 20170715
WhiteArmor 20170713
Yandex 20170714
Zillya 20170714
ZoneAlarm by Check Point 20170715
Zoner 20170715
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright(c) 2001-2004 by pon software
Product decode zip
Original name deczip.exe
Internal name deczip
File version 1.39
Description Win32 Zip Self-Extractor
Comments
Packers identified
F-PROT ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-11-12 08:58:25
Entry Point 0x0000182F
Number of sections 3
PE sections
Overlays
MD5 c1a775a20cf7d4a8c718032793b9af7f
File type data
Offset 36864
Size 169309
Entropy 7.99
PE imports
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
malloc
fgetc
fread
wcschr
_lseek
fopen
strncpy
strchr
strtok
??2@YAPAXI@Z
fwrite
fseek
_open
wcslen
ftell
strrchr
_filelength
wcsrchr
_close
memset
fclose
??3@YAXPAX@Z
free
wcscat
wcscspn
atoi
_splitpath
memcpy
strstr
_read
wcscpy
wcsstr
IsDBCSLeadByte
DosDateTimeToFileTime
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
FreeLibrary
ExitProcess
SetFileTime
RemoveDirectoryA
GlobalAlloc
LoadLibraryA
GetShortPathNameA
GetStartupInfoA
FileTimeToDosDateTime
SearchPathA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
MultiByteToWideChar
GetCommandLineA
GlobalLock
GetFileTime
GetTempPathA
WideCharToMultiByte
lstrcmpiA
GetModuleHandleA
lstrcmpA
FindFirstFileA
GlobalReAlloc
lstrcpyA
CloseHandle
FindNextFileA
GetSystemDirectoryA
CreateThread
FileTimeToLocalFileTime
SetFileAttributesA
GetExitCodeProcess
GetModuleFileNameA
GlobalHandle
LocalFileTimeToFileTime
FindClose
Sleep
CreateFileA
SHGetFileInfoA
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
GetMessageA
UpdateWindow
EndDialog
PostQuitMessage
ShowWindow
MessageBeep
SetWindowPos
FindWindowA
IsWindow
DispatchMessageA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
PeekMessageA
TranslateMessage
DialogBoxParamA
DestroyIcon
LoadStringA
SendMessageA
GetDlgItem
CreateDialogParamA
InvalidateRect
wsprintfA
CreateWindowExA
IsDlgButtonChecked
WaitForInputIdle
IsDialogMessageA
DestroyWindow
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 10
RT_ICON 4
RT_GROUP_ICON 3
RT_STRING 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 9
JAPANESE DEFAULT 6
ENGLISH US 6
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.39.0.1
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 16384
EntryPoint 0x182f
OriginalFileName deczip.exe
MIMEType application/octet-stream
LegalCopyright Copyright(c) 2001-2004 by pon software
FileVersion 1.39
TimeStamp 2004:11:12 09:58:25+01:00
FileType Win32 EXE
PEType PE32
InternalName deczip
ProductVersion 1.39
FileDescription Win32 Zip Self-Extractor
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName pon software
CodeSize 24064
ProductName decode zip
ProductVersionNumber 1.39.0.1
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 1b86ca3c857f142d41e47990e640700a
SHA1 edc140a0d615ed8f4795bb3f2d71ad8a744116b6
SHA256 ec8307ab5c4a9c5b7dcf2a2ff6190b123e2905844245044bcc54ef4d862d5e70
ssdeep 3072:tpxqFzm4tUGSzQ0OKp/y6cY4j4YYVMGNar59IkX/RzqaouDo1eEjKeTftv12qGjR:Nsvttuv2cGr59Is5mPt1B1jGj3h
authentihash cd5efa0df61d172a6fbfd33ff9792c076cce9e869c8b96c7b0b58864b7568e09
imphash f58bda67ab382417dae9d51c2197c1f4
File size 201.3 KB ( 206173 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (40.9%)
Win64 Executable (generic) (36.2%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
Win32 Executable MS Visual FoxPro 7 (2.9%)
Tags peexe overlay
VirusTotal metadata
First submission 2009-09-02 04:27:49 UTC ( 9 years, 8 months ago )
Last submission 2016-04-04 05:23:46 UTC ( 3 years, 1 month ago )
File names nscore016.exe
deczip.exe
deczip
filename
octet-stream
nscore016.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Runtime DLLs