SHA256: f4ff958747f1015215419fa8915729cf90592106e2d30afe0bad2df71fe3842f
File name: Burrrn_1.14-Beta-2.exe
Detection ratio: 1 / 69
Analysis date: 2018-12-11 07:53:44 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Bkav W32.AIDetectVM.malware 20181211
Ad-Aware 20181211
AegisLab 20181211
AhnLab-V3 20181210
Alibaba 20180921
ALYac 20181211
Antiy-AVL 20181210
Arcabit 20181211
Avast 20181211
Avast-Mobile 20181210
AVG 20181211
Avira (no cloud) 20181210
Babable 20180918
Baidu 20181207
BitDefender 20181211
CAT-QuickHeal 20181210
ClamAV 20181211
CMC 20181210
Comodo 20181211
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181211
Cyren 20181211
DrWeb 20181211
eGambit 20181211
Emsisoft 20181211
Endgame 20181108
ESET-NOD32 20181211
F-Prot 20181211
F-Secure 20181211
Fortinet 20181211
GData 20181211
Ikarus 20181211
Sophos ML 20181128
Jiangmin 20181211
K7AntiVirus 20181211
K7GW 20181211
Kaspersky 20181211
Kingsoft 20181211
Malwarebytes 20181211
MAX 20181211
McAfee 20181211
McAfee-GW-Edition 20181210
Microsoft 20181211
eScan 20181211
NANO-Antivirus 20181211
Palo Alto Networks (Known Signatures) 20181211
Panda 20181210
Qihoo-360 20181211
Rising 20181211
SentinelOne (Static ML) 20181011
Sophos AV 20181211
SUPERAntiSpyware 20181205
Symantec 20181211
Symantec Mobile Insight 20181207
TACHYON 20181211
Tencent 20181211
TheHacker 20181210
Trapmine 20181205
TrendMicro 20181211
TrendMicro-HouseCall 20181211
Trustlook 20181211
VBA32 20181210
VIPRE 20181208
ViRobot 20181211
Webroot 20181211
Yandex 20181207
Zillya 20181211
ZoneAlarm by Check Point 20181211
Zoner 20181211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT NSIS, UPX
PEiD NSIS Installer --> NullSoft
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2005-06-20 21:40:37
Entry Point 0x00003330
Number of sections 5
PE sections
Overlays
MD5 d5ff8e8fe382723c0d6b8bb40f5750b9
File type data
Offset 57344
Size 2067905
Entropy 8.00
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteValueA
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
SetBkMode
CreateBrushIndirect
CreateFontIndirectA
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
GetUserDefaultLangID
LoadLibraryA
CreateFileMappingA
GetFileAttributesA
GlobalFree
WaitForSingleObject
GetExitCodeProcess
CopyFileA
ExitProcess
SetFileTime
GlobalUnlock
GetModuleFileNameA
RemoveDirectoryA
GetShortPathNameA
GetCommandLineA
GetCurrentProcess
CompareFileTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileSize
lstrcatA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
SetFilePointer
GlobalLock
SetFileAttributesA
lstrlenA
GetTempPathA
lstrcmpiA
CreateThread
MapViewOfFile
GetModuleHandleA
ReadFile
lstrcpyA
FindFirstFileA
CloseHandle
GetTempFileNameA
lstrcpynA
FindNextFileA
GetSystemDirectoryA
GetDiskFreeSpaceA
ExpandEnvironmentStringsA
GetFullPathNameA
FreeLibrary
MoveFileA
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
WriteFile
GlobalAlloc
SearchPathA
FindClose
Sleep
SetEndOfFile
CreateFileA
GetTickCount
GetProcAddress
SetCurrentDirectoryA
MulDiv
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHFileOperationA
CharPrevA
GetMessagePos
PeekMessageA
EmptyClipboard
EndDialog
DestroyWindow
PostQuitMessage
DefWindowProcA
SetWindowTextA
SetClassLongA
LoadBitmapA
SetWindowPos
EndPaint
GetSystemMetrics
IsWindow
AppendMenuA
GetWindowRect
DispatchMessageA
ScreenToClient
SetDlgItemTextA
LoadImageA
GetDlgItemTextA
MessageBoxA
DialogBoxParamA
SetWindowLongA
IsWindowEnabled
GetSysColor
CheckDlgButton
GetDC
FindWindowExA
SystemParametersInfoA
BeginPaint
CreatePopupMenu
wsprintfA
ShowWindow
SetClipboardData
IsWindowVisible
GetClassInfoA
SetForegroundWindow
GetClientRect
SetTimer
GetDlgItem
CreateDialogParamA
DrawTextA
RegisterClassA
InvalidateRect
GetWindowLongA
SendMessageTimeoutA
CreateWindowExA
LoadCursorA
TrackPopupMenu
SendMessageA
FillRect
CharNextA
CallWindowProcA
EnableWindow
CloseClipboard
SetCursor
ExitWindowsEx
OpenClipboard
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
OleUninitialize
CoCreateInstance
OleInitialize
Number of PE resources by type
RT_DIALOG 6
RT_ICON 6
RT_BITMAP 1
RT_GROUP_ICON 1
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 15
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 4.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2005:06:20 22:40:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 23040
LinkerVersion 6.0
FileTypeExtension exe
InitializedDataSize 120832
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x3330
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 1024

File identification
MD5 5af351f824b70c73a95263c5697c1d06
SHA1 e4d64f1239ee88726bbe3f4c77eff587f74ed704
SHA256 f4ff958747f1015215419fa8915729cf90592106e2d30afe0bad2df71fe3842f
ssdeep 49152:2uAwrENDtmpNlAJw9hRpnwvEWyS/Vlo9to:KkgMAJw9hRWJ1/J

authentihash b5756ebac692d8e432db84c7822193991960a6a2a47b7e053d5c9edf6fc30b8b
imphash b711f65a9aff6a22fb2f57f0ac8bda33
File size 2.0 MB ( 2125249 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID NSIS - Nullsoft Scriptable Install System (94.6%)
Win32 Executable MS Visual C++ (generic) (3.4%)
Win32 Dynamic Link Library (generic) (0.7%)
Win32 Executable (generic) (0.5%)
OS/2 Executable (generic) (0.2%)
Tags peexe overlay nullsoft nsis upx software-collection

VirusTotal metadata
First submission 2006-10-07 18:25:22 UTC ( 12 years, 3 months ago )
Last submission 2018-11-15 08:40:16 UTC ( 2 months ago )
File names e4e0a7b9c113df526dfe20210c82e100931af5a3.exe
10860-burrrn_package.exe
286581
smona132095480621759226795
burrrn_114beta2_package.exe
burrrn_package 1.14 Beta 2.exe
burrrn_package_v1.14beta2.exe
Burrrn v1.14b2.exe
burrrn_package114beta2.exe
burrrn.exe
burrrn-5071-jetelecharge.exe
file-122992_exe
smona132585142481734642979
E4E0A7B9C113DF526DFE20210C82E100931AF5A3.exe
Burrrn-7076-54284-9490.exe
test.exe
burrrn_package_1_14_beta2.exe
burrrn_package_114b2.exe
burrrn_package (1).exe
smona132095776406154235213
burrrn_package.exe
file
burrrn_package (1.14 beta2).exe
burrrn_package.exe
e4d64f1239ee88726bbe3f4c77eff587f74ed704
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight