SHA256: ee481903e94dc04dc2c030d98c5b2d8207ea7df41684c18e1a93d20c2506b4e0
File name: tbp-setup.exe
Detection ratio: 1 / 41
Analysis date: 2009-05-04 21:11:33 UTC ( 4 years, 11 months ago )
Antivirus Result Update
Sunbelt VIPRE.Suspicious 20090504
AVG 20090504
AhnLab-V3 20090504
AntiVir 20090504
Antiy-AVL 20090430
Authentium 20090504
Avast 20090504
BitDefender 20090504
CAT-QuickHeal 20090504
ClamAV 20090504
Comodo 20090503
DrWeb 20090504
F-Prot 20090504
F-Secure 20090504
Fortinet 20090504
GData 20090504
Ikarus 20090504
K7AntiVirus 20090504
Kaspersky 20090504
McAfee 20090504
McAfee+Artemis 20090504
McAfee-GW-Edition 20090504
Microsoft 20090504
NOD32 20090504
NOD32Beta 20090504
Norman 20090504
PCTools 20090503
Panda 20090504
Prevx1 20090504
Rising 20090504
Sophos 20090504
Symantec 20090504
TheHacker 20090504
TrendMicro 20090504
VBA32 20090504
ViRobot 20090504
VirusBuster 20090504
a-squared 20090504
eSafe 20090503
eTrust-Vet 20090504
nProtect 20090504
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyright © 2007-2009 Marisuite
Publisher Marisuite
Product Antispam Marisuite for The Bat!
File version 1.5.2.352
Description Antispam Marisuite for The Bat! setup program
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-02-08 21:25:06
Link date 10:25 PM 2/8/2008
Entry Point 0x00003225
Number of sections 5
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
lstrlenA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
GetShortPathNameA
GetCurrentProcess
LoadLibraryExA
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GlobalLock
SetFileAttributesA
SetFilePointer
GetTempPathA
CreateThread
lstrcmpiA
GetModuleHandleA
lstrcmpA
ReadFile
WriteFile
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
RemoveDirectoryA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GlobalAlloc
SearchPathA
FindClose
Sleep
CreateFileA
GetTickCount
GetVersion
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetFileInfoA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
EmptyClipboard
GetMessagePos
EndPaint
CharPrevA
EndDialog
BeginPaint
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
MessageBoxIndirectA
LoadImageA
GetDlgItemTextA
PeekMessageA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
CreatePopupMenu
wsprintfA
DialogBoxParamA
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
DrawTextA
EnableMenuItem
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
SetTimer
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
ShowWindow
OpenClipboard
CharNextA
CallWindowProcA
GetSystemMenu
EnableWindow
CloseClipboard
DestroyWindow
ExitWindowsEx
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_ICON 7
RT_DIALOG 6
RT_VERSION 3
RT_MANIFEST 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 16
RUSSIAN 1
SLOVAK DEFAULT 1
ExifTool file metadata
UninitializedDataSize 1024
LinkerVersion 6.0
ImageVersion 0.0
CompanyWebsite http://marisuite.com/thebat.html
FileSubtype 0
FileVersionNumber 1.5.2.352
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet ASCII
InitializedDataSize 119808
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.5.2.352
TimeStamp 2008:02:08 22:25:06+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
ProductVersion 1.5.2.352
FileDescription Antispam Marisuite for The Bat! setup program
OSVersion 4.0
FileOS Win32
LegalCopyright Copyright 2007-2009 Marisuite
MachineType Intel 386 or later, and compatibles
CompanyName Marisuite
CodeSize 23040
ProductName Antispam Marisuite for The Bat!
ProductVersionNumber 1.5.2.352
EntryPoint 0x3225
ObjectFileType Executable application

File identification
MD5 66f519e1b6f798108d257711fbae206e
SHA1 f1dd3262be7d1f9a59900b72a5b67eef513f8be9
SHA256 ee481903e94dc04dc2c030d98c5b2d8207ea7df41684c18e1a93d20c2506b4e0
ssdeep 98304:2mHY/jHLmIGPYoUaSWeEq2njuBgCXdIQQmUdnCv/:2m4rzmqBvKCWQednq
imphash 099c0646ea7282d232219f8807883be0
File size 4.4 MB ( 4595061 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID NSIS - Nullsoft Scriptable Install System (94.8%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
Generic Win/DOS Executable (0.2%)
Tags peexe
VirusTotal metadata
First submission 2009-04-12 14:53:08 UTC ( 5 years ago )
Last submission 2012-03-21 22:06:26 UTC ( 2 years, 1 month ago )
File names sample_f1dd3262be7d1f9a59900b72a5b67eef513f8be9
Advanced heuristic and reputation engines
ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .
