SHA256: f455d4a0d3ab58231427fc99269727b9adc1928d8025c6b46dc61df7475f1e21
File name: netshares.exe.ViR
Detection ratio: 10 / 42
Analysis date: 2012-07-11 19:47:25 UTC ( 6 years, 8 months ago )
Antivirus Result Update
AntiVir TR/Agent.86016.107 20120705
Avast Win32:Malware-gen 20120705
AVG Generic3.REX 20120705
Comodo UnclassifiedMalware 20120705
Emsisoft Virus.Win32.Malware!IK 20120705
GData Win32:Malware-gen 20120705
Ikarus Virus.Win32.Malware 20120705
K7AntiVirus Riskware 20120705
Norman W32/Suspicious_Gen4.AALOS 20120705
Symantec WS.Reputation.1 20120706
AhnLab-V3 20120705
Antiy-AVL 20120705
BitDefender 20120705
ByteHero 20120704
CAT-QuickHeal 20120705
ClamAV 20120705
Commtouch 20120705
DrWeb 20120706
eSafe 20120705
F-Prot 20120705
F-Secure 20120706
Fortinet 20120705
Jiangmin 20120705
Kaspersky 20120705
McAfee 20120706
McAfee-GW-Edition 20120705
Microsoft 20120705
NOD32 20120705
nProtect 20120706
Panda 20120705
PCTools 20120705
Rising 20120705
Sophos AV 20120705
SUPERAntiSpyware 20120705
TheHacker 20120704
TotalDefense 20120705
TrendMicro 20120706
TrendMicro-HouseCall 20120705
VBA32 20120705
VIPRE 20120705
ViRobot 20120705
VirusBuster 20120705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-03-25 11:45:11
Entry Point 0x00001000
Number of sections 8
PE sections
PE imports
IsValidAcl
CloseServiceHandle
RegCloseKey
EnumServicesStatusA
IsValidSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetAce
GetSecurityDescriptorSacl
LookupAccountSidA
OpenSCManagerA
RegConnectRegistryA
IsValidSecurityDescriptor
LookupAccountSidW
GetLastError
HeapFree
GetStdHandle
SetHandleCount
GetOEMCP
LCMapStringA
ExitProcess
TlsAlloc
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetLocalTime
GetStartupInfoA
GetEnvironmentStrings
SetConsoleCtrlHandler
WideCharToMultiByte
UnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
GetProcAddress
GetProcessHeap
SetFilePointer
RaiseException
GetCPInfo
TlsFree
GetModuleHandleA
FormatMessageA
WriteFile
CloseHandle
GetACP
GetStringTypeW
GetCurrentThreadId
IsBadStringPtrW
GlobalMemoryStatus
GetTimeZoneInformation
VirtualFree
TlsGetValue
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
GetVersion
VirtualAlloc
NetStatisticsGet
NetShareEnum
NetQueryDisplayInformation
NetLocalGroupEnum
NetRemoteComputerSupports
NetServerEnum
NetUserEnum
NetGroupEnum
NetScheduleJobEnum
NetUseEnum
NetReplExportDirEnum
NetApiBufferFree
NetMessageNameEnum
NetConnectionEnum
NetServerGetInfo
NetLocalGroupGetMembers
NetWkstaUserEnum
NetSessionEnum
NetRemoteTOD
NetGroupGetUsers
NetReplImportDirEnum
NetServerTransportEnum
NetWkstaGetInfo
NetEnumerateTrustedDomains
NetServiceEnum
NetGetDCName
NetServerDiskEnum
NetFileEnum
Ord(4)
Ord(5)
Ord(8)
Ord(10)
wsprintfA
MessageBoxA
EnumThreadWindows
EnumPrinterDriversA
EnumPrintersA
EnumMonitorsA
EnumPortsA
PE exports
Number of PE resources by type
RT_RCDATA 1
Number of PE resources by language
NEUTRAL 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
TimeStamp 2008:03:25 12:45:11+01:00
FileType Win32 EXE
PEType PE32
CodeSize 57344
LinkerVersion 5.0
FileTypeExtension exe
InitializedDataSize 24576
SubsystemVersion 4.0
EntryPoint 0x1000
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 ada4be9ab674ef75f4fe8f4317859f21
SHA1 41acda81a7dd072fbf3fdc5db4228de168096428
SHA256 f455d4a0d3ab58231427fc99269727b9adc1928d8025c6b46dc61df7475f1e21
ssdeep
1536:+DJuT9pwg6xQTm3gcuT9qdhseRrF++Qx/L/0fK5z5b6JHG0GwT/:+D6z2u/XT9qdpF+/0fYz5b6XT/

authentihash f0d3cc99af5d5e85f402fc86a8e9597a0b7e86856b7032837d958a5a7517d2f3
imphash da4d0429b73e02870d78f102c5609b81
File size 84.0 KB ( 86016 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID DOS Executable Borland C++ (46.2%)
Win32 Dynamic Link Library (generic) (23.3%)
Win32 Executable (generic) (16.0%)
Generic Win/DOS Executable (7.1%)
DOS Executable Generic (7.1%)
Tags peexe
VirusTotal metadata
First submission 2008-10-07 21:51:52 UTC ( 10 years, 5 months ago )
Last submission 2016-08-18 12:17:36 UTC ( 2 years, 7 months ago )
File names netshares.exe
MvBc7GL2f.txt
netshares1.exe
netshares.exe
f455d4a0d3ab58231427fc99269727b9adc1928d8025c6b46dc61df7475f1e21.log
q7M_E.sys
f455d4a0d3ab58231427fc99269727b9adc1928d8025c6b46dc61df7475f1e21
1342124390.netshares.exe.ViR
netshares.exe.ViR
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight