SHA256: ed1afbc74c59f1a2087c4cf1889b72793470d129f9d16c5357235ec891cabcac
File name: file.exe
Detection ratio: 1 / 46
Analysis date: 2013-03-29 14:03:52 UTC ( 1 year ago )
Antivirus Result Update
CAT-QuickHeal (Suspicious) - DNAScan 20130329
AVG 20130329
Agnitum 20130329
AhnLab-V3 20130329
AntiVir 20130329
Antiy-AVL 20130329
Avast 20130329
BitDefender 20130329
ByteHero 20130322
ClamAV 20130329
Commtouch 20130329
Comodo 20130329
DrWeb 20130329
ESET-NOD32 20130329
Emsisoft 20130329
F-Prot 20130329
F-Secure 20130329
Fortinet 20130329
GData 20130329
Ikarus 20130329
Jiangmin 20130329
K7AntiVirus 20130328
Kaspersky 20130329
Kingsoft 20130325
Malwarebytes 20130329
McAfee 20130329
McAfee-GW-Edition 20130329
MicroWorld-eScan 20130329
Microsoft 20130329
NANO-Antivirus 20130329
Norman 20130329
PCTools 20130329
Panda 20130329
Rising 20130328
SUPERAntiSpyware 20130329
Sophos 20130329
Symantec 20130329
TheHacker 20130329
TotalDefense 20130328
TrendMicro 20130329
TrendMicro-HouseCall 20130329
VBA32 20130328
VIPRE 20130329
ViRobot 20130329
eSafe 20130328
nProtect 20130329
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-29 10:52:43
Link date 11:52 AM 3/29/2013
Entry Point 0x00001000
Number of sections 17
PE sections
PE imports
GetModuleHandleA
fclose
_mmap64
strtoul
strtoull
fflush
strtol
fputc
strtod
fwrite
strtof
fputs
_fstat64
regcomp
__errno
dup2
read
memcpy
strstr
__ctype_ptr__
__getreent
opendir
strcmp
memchr
strncmp
toupper
snprintf
optind
memset
readdir
close
strlcat
strchr
strlcpy
regfree
access
exit
strrchr
regexec
munmap
strcspn
asprintf
gmtime
free
_impure_ptr
asctime_r
_fopen64
wcwidth
_exit
_daylight
setlocale
realloc
_open64
printf
pread
cygwin_detach_dll
puts
_lseek64
_dll_crt0@0
qsort
putc
dup
strdup
unlink
fork
mktime
_fcntl64
execvp
getenv
vfprintf
cygwin_internal
strerror
getline
malloc
strndup
mbrtowc
abort
fprintf
strlen
_lstat64
write
ctime_r
rewind
mkstemp
waitpid
optarg
tolower
vasprintf
dll_dllcrt0
regerror
closedir
readlink
calloc
getopt_long
__assert_func
iswprint
pipe
__main
_stat64
utimes
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:03:29 11:52:43+01:00
FileType Win32 EXE
PEType PE32
CodeSize 76288
LinkerVersion 2.23
EntryPoint 0x1000
InitializedDataSize 24064
SubsystemVersion 4.0
ImageVersion 1.0
OSVersion 4.0
UninitializedDataSize 1024

File identification
MD5 0833d6c527faa7430055bc9f513c4327
SHA1 d88069b7246fd0a35a7b1369ea795fbe1b5a66b7
SHA256 ed1afbc74c59f1a2087c4cf1889b72793470d129f9d16c5357235ec891cabcac
ssdeep 6144:Khh2NFKD0Ddi0qut616dWvbZj11vSwDMX63u/:Khh2X3DgkNduMX63u/

File size 315.2 KB ( 322745 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.4%)
Win32 Executable (generic) (29.7%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe

VirusTotal metadata
First submission 2013-03-29 14:03:52 UTC ( 1 year ago )
Last submission 2013-10-07 09:48:07 UTC ( 6 months, 1 week ago )
File names file.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight