SHA256: f812c3ebc2fb0d1c935fa9ed71ddb84f60f5c94f3605263bd91133f7328965ca
File name: 435730
Detection ratio: 22 / 56
Analysis date: 2016-03-31 18:10:07 UTC ( 2 years, 11 months ago )
Antivirus Result Update
AegisLab Nettool.W32.Gen!c 20160331
Avast Win32:ICQMonitor [PUP] 20160331
Comodo UnclassifiedMalware 20160331
Cyren W32/Spyware.IWQF-4528 20160331
DrWeb Tool.Siggen.2777 20160331
ESET-NOD32 a variant of Win32/AIMSniffer.A potentially unsafe 20160331
Fortinet Riskware/ICQMonitor 20160330
GData Win32.Application.Agent.QUAWSN 20160331
Ikarus not-a-virus:NetTool.Win32.ICQMonitor 20160331
Kaspersky not-a-virus:NetTool.Win32.ICQMonitor.11 20160331
Malwarebytes Trojan.AIMSniffer 20160331
McAfee Generic PUP.z 20160331
McAfee-GW-Edition BehavesLike.Win32.Trojan.dc 20160331
NANO-Antivirus Riskware.Win32.ICQMonitor.qovzj 20160331
Panda Trj/CI.A 20160331
Qihoo-360 Win32/Trojan.Dropper.30f 20160331
Rising PE:Malware.Generic/QRS!1.9E2D [F] 20160331
Sophos AV Mal/Generic-S 20160331
Symantec Spyware.IMMonitor 20160331
VIPRE NetTool.Win32.ICQMonitor.11 (not malicious) 20160331
ViRobot Adware.Icqmonitor.996578[h] 20160331
Yandex HackTool.ICQMonitor!eE+ftLXoSyI 20160316
Ad-Aware 20160331
AhnLab-V3 20160330
Alibaba 20160323
ALYac 20160331
Antiy-AVL 20160331
Arcabit 20160331
AVG 20160331
AVware 20160331
Baidu 20160331
Baidu-International 20160331
BitDefender 20160331
Bkav 20160331
CAT-QuickHeal 20160331
ClamAV 20160331
CMC 20160322
Emsisoft 20160331
F-Prot 20160331
F-Secure 20160331
Jiangmin 20160331
K7AntiVirus 20160331
K7GW 20160331
Kingsoft 20160331
Microsoft 20160331
eScan 20160331
nProtect 20160331
SUPERAntiSpyware 20160331
Tencent 20160331
TheHacker 20160330
TotalDefense 20160330
TrendMicro 20160331
TrendMicro-HouseCall 20160331
VBA32 20160331
Zillya 20160331
Zoner 20160331
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2008 IMDetect

File version 3.0
Description IMDetect AIM Sniffer
Packers identified
F-PROT NSIS, nameless, appended, ZIP
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2001-10-25 19:47:11
Entry Point 0x000021AF
Number of sections 4
PE sections
Overlays
MD5 2d1fa733c6c7dc394030d427482fb7df
File type data
Offset 14848
Size 981730
Entropy 8.00
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
GetDeviceCaps
SelectPalette
SelectObject
PatBlt
CreateFontA
CreatePalette
GetStockObject
TextOutA
CreateSolidBrush
SetBkMode
DeleteObject
RealizePalette
SetTextColor
StretchDIBits
GetLastError
lstrlenA
GlobalFree
FreeLibrary
ExitProcess
GetVersionExA
GlobalUnlock
GetModuleFileNameA
LoadLibraryA
WinExec
OpenFile
GetCurrentProcess
_lwrite
lstrcatA
GetWindowsDirectoryA
SetErrorMode
_llseek
GetCommandLineA
GetProcAddress
_lread
GetTempPathA
_lcreat
_lclose
GetModuleHandleA
lstrcpyA
_lopen
MulDiv
GetTempFileNameA
GlobalLock
LocalFree
GlobalAlloc
FormatMessageA
DrawTextA
CreateWindowExA
RegisterClassA
LoadIconA
LoadCursorA
ReleaseDC
EndPaint
BeginPaint
MessageBoxA
ExitWindowsEx
SendMessageA
GetClientRect
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
ShowWindow
UpdateWindow
wsprintfA
GetDC
InvalidateRect
PE exports
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 4.0
FileVersionNumber 3.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription IMDetect AIM Sniffer
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit, Removable run from swap
CharacterSet Windows, Latin1
InitializedDataSize 5632
EntryPoint 0x21af
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 3.0
TimeStamp 2001:10:25 19:47:11+00:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows 16-bit
LegalCopyright 2008 IMDetect
MachineType Intel 386 or later, and compatibles
CodeSize 8704
FileSubtype 0
ProductVersionNumber 3.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 623a9caeebbfa7394943c8eaef20ec0b
SHA1 1a31085a1bbc690853be0d919f2ec658cded6937
SHA256 f812c3ebc2fb0d1c935fa9ed71ddb84f60f5c94f3605263bd91133f7328965ca
ssdeep 24576:tHJduFt5NIDLGqq2f4OTqCucBMcJVvEcutatVC49eT7WFOJkXR1m9O1h:FJMM/YYqCucbnHYSVC44T7wSkXfOAh

authentihash ddb519b5b497c24799360df647bb4bed5f8535bf660b3556593bfea6bfff4a71
imphash e41c25ab7824b3df73334188c40518ae
File size 973.2 KB ( 996578 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Wise Installer executable (91.3%)
Win64 Executable (generic) (5.3%)
Win32 Dynamic Link Library (generic) (1.2%)
Win32 Executable (generic) (0.8%)
OS/2 Executable (generic) (0.3%)
Tags
nsis peexe overlay

VirusTotal metadata
First submission 2008-03-07 11:56:36 UTC ( 11 years ago )
Last submission 2018-07-27 07:22:49 UTC ( 7 months, 3 weeks ago )
File names xPiUbdtM.ocx
623a9caeebbfa7394943c8eaef20ec0b
aa
VirusShare_623a9caeebbfa7394943c8eaef20ec0b
AimMonitor_trial_setup.exe
f812c3ebc2fb0d1c935fa9ed71ddb84f60f5c94f3605263bd91133f7328965ca
AimMonitor_trial_setup.exe-iJzmBU
1340718118-AimMonitor_trial_setup.exe
623A9CAEEBBFA7394943C8EAEF20EC0B
AimMonitor_trial_setup.exe
623a9caeebbfa7394943c8eaef20ec0b.exe
435730
Ydgmq_.caj
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight