× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: f905878d1922098029fc0643450ec87bdbbf7fdba3f0a341b8df73c01e34ee68
File name: WindowsUpdateAgent7.6.7600.256-257.zip
Detection ratio: 0 / 46
Analysis date: 2013-08-21 08:12:33 UTC ( 5 years, 8 months ago ) View latest
Antivirus Result Update
Yandex 20130820
AhnLab-V3 20130820
AntiVir 20130821
Antiy-AVL 20130821
Avast 20130821
AVG 20130820
BitDefender 20130821
ByteHero 20130814
CAT-QuickHeal 20130821
ClamAV 20130821
Commtouch 20130821
Comodo 20130821
DrWeb 20130821
Emsisoft 20130821
ESET-NOD32 20130820
F-Prot 20130821
F-Secure 20130821
Fortinet 20130821
GData 20130821
Ikarus 20130821
Jiangmin 20130821
K7AntiVirus 20130820
K7GW 20130820
Kaspersky 20130821
Kingsoft 20130723
Malwarebytes 20130821
McAfee 20130821
McAfee-GW-Edition 20130820
Microsoft 20130821
eScan 20130821
NANO-Antivirus 20130821
Norman 20130821
nProtect 20130821
Panda 20130820
PCTools 20130821
Rising 20130821
Sophos AV 20130821
SUPERAntiSpyware 20130821
Symantec 20130821
TheHacker 20130821
TotalDefense 20130820
TrendMicro 20130821
TrendMicro-HouseCall 20130821
VBA32 20130820
VIPRE 20130821
ViRobot 20130821
The file being studied is a Portable Executable file! More specifically, it is a ZIP file.
FileVersionInfo properties
Publisher House
Version 2, 5, 3, 2
File version 5, 2, 9, 1
Description Depo
Packers identified
Command Aspack
F-PROT UPX
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-07-15 14:07:16
Entry Point 0x00003C61
Number of sections 4
PE sections
PE imports
HeapFree
GetStdHandle
LCMapStringW
SetHandleCount
GetOEMCP
LCMapStringA
HeapDestroy
HeapAlloc
GetEnvironmentStringsW
GetVersionExA
GetModuleFileNameA
RtlUnwind
LoadLibraryA
FreeEnvironmentStringsA
GetStartupInfoA
GetEnvironmentStrings
GetCPInfo
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
WideCharToMultiByte
GetStringTypeA
GetModuleHandleA
WriteFile
GetCurrentProcess
DeleteFileW
GetACP
HeapReAlloc
GetStringTypeW
TerminateProcess
GetEnvironmentVariableA
HeapCreate
VirtualFree
GetFileType
ExitProcess
GetVersion
VirtualAlloc
IsDlgButtonChecked
PE exports
Number of PE resources by type
RT_RCDATA 380
RT_ICON 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL DEFAULT 380
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType
application/zip

ZipRequiredVersion
10

ZipCRC
0x00000000

FileType
ZIP

ZipCompression
None

ZipUncompressedSize
0

ZipCompressedSize
0

FileTypeExtension
zip

ZipFileName
WindowsUpdateAgent7.6.7600.256-257/

ZipBitFlag
0

ZipModifyDate
2013:08:02 23:45:36

File identification
MD5 51bad05027eae71e1cca90d8f7e3af2e
SHA1 0694b1b20500c06c6c54a26fabaa6f1ad9359ce1
SHA256 f905878d1922098029fc0643450ec87bdbbf7fdba3f0a341b8df73c01e34ee68
ssdeep
12288:yYqUn4cdXeR23AB4HwGynTkspvlQ85BVxsSjYOSmL/z2mox6l1ivaS24W0YW:yPcdOR2304HCTkspvDRxsmD7ox6l1Waw

File size 698.6 KB ( 715325 bytes )
File type ZIP
Magic literal
Zip archive data, at least v1.0 to extract

TrID ZIP compressed archive (80.0%)
PrintFox/Pagefox bitmap (var. P) (20.0%)
Tags
contains-pe zip upx

VirusTotal metadata
First submission 2013-08-21 08:12:33 UTC ( 5 years, 8 months ago )
Last submission 2018-07-24 19:41:22 UTC ( 8 months, 4 weeks ago )
File names WindowsUpdateAgent7.6.7600.256-257.zip
WindowsUpdateAgent7[2].6.7600.256-257.zip
file-6001107_zip
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!