SHA256: f181c43663f8844e34626d4dfc099ee10b03ab454a3d374829b03a7c466662a3
File name: bartpe-pe-builder-2902-jetelecharge.exe
Detection ratio: 2 / 57
Analysis date: 2016-12-30 03:29:12 UTC ( 1 year ago )
Antivirus Result Update
Antiy-AVL Trojan/Win32.SGeneric 20161230
Rising Malware.Heuristic!ET-FPrAgU0r2fE (cloud) 20161230
Ad-Aware 20161230
AegisLab 20161230
AhnLab-V3 20161229
Alibaba 20161223
ALYac 20161230
Arcabit 20161230
Avast 20161230
AVG 20161230
Avira (no cloud) 20161229
AVware 20161230
Baidu 20161207
BitDefender 20161230
Bkav 20161229
CAT-QuickHeal 20161229
ClamAV 20161229
CMC 20161229
Comodo 20161230
CrowdStrike Falcon (ML) 20161024
Cyren 20161230
DrWeb 20161230
Emsisoft 20161230
ESET-NOD32 20161230
F-Prot 20161230
F-Secure 20161230
Fortinet 20161230
GData 20161230
Ikarus 20161229
Sophos ML 20161216
Jiangmin 20161230
K7AntiVirus 20161229
K7GW 20161230
Kaspersky 20161230
Kingsoft 20161230
Malwarebytes 20161230
McAfee 20161230
McAfee-GW-Edition 20161230
Microsoft 20161230
eScan 20161230
NANO-Antivirus 20161230
nProtect 20161230
Panda 20161229
Qihoo-360 20161230
Sophos AV 20161230
SUPERAntiSpyware 20161230
Symantec 20161230
Tencent 20161230
TheHacker 20161229
TotalDefense 20161229
TrendMicro 20161230
TrendMicro-HouseCall 20161230
Trustlook 20161230
VBA32 20161229
VIPRE 20161230
ViRobot 20161229
WhiteArmor 20161221
Yandex 20161229
Zillya 20161229
Zoner 20161230
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

File version
Description PE Builder Setup
Comments This installation was built with Inno Setup: http://www.innosetup.com
Packers identified
F-PROT INNO, appended, Unicode, UPX, Aspack
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x000097F0
Number of sections 8
PE sections
Overlays
MD5 bb75e44a84cfd6051d20a08c5ef84604
File type data
Offset 52224
Size 3254454
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
SubsystemVersion
4.0

Comments
This installation was built with Inno Setup: http://www.innosetup.com

InitializedDataSize
16896

ImageVersion
0.0

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
2.25

FileTypeExtension
exe

MIMEType
application/octet-stream

TimeStamp
1992:06:19 23:22:17+01:00

FileType
Win32 EXE

PEType
PE32

FileDescription
PE Builder Setup

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bart Lagerweij

CodeSize
36864

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x97f0

ObjectFileType
Executable application

Execution parents
Overlay parents
Compressed bundles
File identification
MD5 f9013d809cde9c8137f604d3806bf898
SHA1 e3516e2155fba1d180fa6269748dd1b0a5d05285
SHA256 f181c43663f8844e34626d4dfc099ee10b03ab454a3d374829b03a7c466662a3
ssdeep
98304:edZG/qe4bH2INTlyQVPyq9pOEkHyxhRvsVb1:iZG/LQHzPyQIqPNxhRSJ

authentihash cc449fa1db296b3a54d66ba3fc934672df428ce98ad12408dc67bc0baa45ac38
imphash 80417b621299e3e1de617305557a3c68
File size 3.2 MB ( 3306678 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 9.x (51.2%)
Inno Setup installer (37.9%)
Win32 Executable Delphi generic (4.9%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe software-collection aspack upx overlay

VirusTotal metadata
First submission 2007-09-26 00:45:28 UTC ( 10 years, 4 months ago )
Last submission 2018-01-10 00:03:55 UTC ( 1 week, 6 days ago )
File names bartpe-pe-builder-2902-jetelecharge.exe
bartpe.exe
test.exe
460196
1360356181-pebuilder3110a.exe.log
eeb7245fc19aa744aa46839df0adfab0077ee41d31706d686c7f4ba5c7e6696c5d1abddb6282cd7633a2b4d6db2373eab6dd751db589de0b0e17dec328a92782
115998562_app_1.pebuilder3110a.exe
bart-s-preinstalled-environment-bartpe_bart_s_preinstalled_environment_bartpe_v3.1.10a_francais_3.exe
bartpe-pe-builder-2902-jetelecharge.exe
81282824_app_1.pebuilder3110a.exe
Setup.exe
bartPE.exe
pebuilder3110a.exe
pebuilder3110a-3.1.10a.exe
pebuilder3110a.exe
smona131488689915337857028
bartpe-pe-builder-2902-jetelecharge.exe
BartPE (pebuilder ver.3.1.10a).exe
smona131682072088834617898
data
f9013d809cde9c8137f604d3806bf898
pebuilder_3v1v10a.exe
pebuilder3110a(4).exe
peber3110a.exe
sbse____.ujl
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight