SHA256: faa3c17cc4442b8ae60ad39f0ae80a1578dc4f82861e9ad05861acd1e208b6d5
File name: b.exe
Detection ratio: 5 / 41
Analysis date: 2009-07-22 15:30:15 UTC ( 7 years, 10 months ago )
Antivirus Result Update
Jiangmin Heur:Backdoor/Huigezi 20090722
McAfee Bublik 20090721
McAfee+Artemis Bublik 20090721
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Dropper.L 20090722
Sophos Mal/Behav-214 20090722
a-squared 20090722
AhnLab-V3 20090722
AntiVir 20090722
Antiy-AVL 20090722
Authentium 20090722
Avast 20090721
AVG 20090722
BitDefender 20090722
CAT-QuickHeal 20090722
ClamAV 20090722
Comodo 20090722
DrWeb 20090722
eSafe 20090721
eTrust-Vet 20090722
F-Prot 20090722
F-Secure 20090722
Fortinet 20090722
GData 20090722
Ikarus 20090722
K7AntiVirus 20090721
Kaspersky 20090722
Microsoft 20090722
NOD32 20090722
Norman 20090721
nProtect 20090722
Panda 20090721
PCTools 20090722
Prevx 20090722
Rising 20090722
Sunbelt 20090721
Symantec 20090722
TheHacker 20090721
TrendMicro 20090722
VBA32 20090722
ViRobot 20090722
VirusBuster 20090721
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-07-15 06:44:46
Entry Point 0x00001710
Number of sections 4
PE sections
PE imports
CloseServiceHandle
RegCloseKey
OpenServiceA
CreateServiceA
RegQueryValueExA
RegSetValueExA
StartServiceA
ChangeServiceConfig2A
RegOpenKeyExA
RegCreateKeyA
OpenSCManagerA
GetLastError
HeapFree
GetStdHandle
LCMapStringW
lstrlenA
lstrcmpiA
GlobalFree
GetOEMCP
LCMapStringA
ExitProcess
FlushFileBuffers
GetModuleFileNameA
RtlUnwind
LoadLibraryA
GetCurrentProcess
SizeofResource
GetStringTypeW
lstrcatA
LockResource
GetWindowsDirectoryA
SetErrorMode
MultiByteToWideChar
GetProcAddress
SetStdHandle
GetModuleHandleA
GetCPInfo
GetStringTypeA
SetFilePointer
ReadFile
lstrcpyA
CloseHandle
GetACP
HeapReAlloc
MoveFileExA
TerminateProcess
WideCharToMultiByte
LoadResource
WriteFile
GlobalAlloc
VirtualFree
GetFileType
SetEndOfFile
CreateFileA
HeapAlloc
FindResourceA
VirtualAlloc
ShellExecuteA
wsprintfA
Number of PE resources by type
EXE 1
Number of PE resources by language
CHINESE SIMPLIFIED 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2009:07:15 07:44:46+01:00
FileType Win32 EXE
PEType PE32
CodeSize 20480
LinkerVersion 6.0
EntryPoint 0x1710
InitializedDataSize 126976
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 da0a41f75331d804a85801ac9ac09a26
SHA1 aaab433ae635843ef87a549470a09a48eda2446e
SHA256 faa3c17cc4442b8ae60ad39f0ae80a1578dc4f82861e9ad05861acd1e208b6d5
ssdeep 1536:U0MzBpB+L7B3twC9J1tgdJhWKPpCsP3lVzNkAIObFnToIfmz7hN:UB87B3txvodJ/pCsPzzNpbtTBfmz7hN
authentihash 9a36c7331c79c4bdfd5fa456fc5ce39aee40ab8c3dbf9d5f3f308b04976a9c92
imphash caf806a220e13e3420b936a81f45d0be
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2009-07-22 15:30:15 UTC ( 7 years, 10 months ago )
Last submission 2015-11-03 23:23:13 UTC ( 1 year, 6 months ago )
File names file___
Behaviour characterization