SHA256: fdddd696fb235cefa4b8bc41caa3578e90728553357a234e544fbea5d37c6e0c
File name: Trainer-UPX-Mod.exe
Detection ratio: 9 / 43
Analysis date: 2012-02-02 05:42:37 UTC ( 5 years, 1 month ago )
Antivirus Result Update
BitDefender Gen:Variant.Kazy.28717 20120202
eSafe Suspicious File 20120130
F-Secure Gen:Variant.Kazy.28717 20120202
GData Gen:Variant.Kazy.28717 20120202
McAfee-GW-Edition Heuristic.BehavesLike.Win32.ModifiedUPX.F!87 20120202
nProtect Gen:Variant.Kazy.28717 20120201
TheHacker Posible_Worm32 20120202
TrendMicro PAK_Generic.001 20120201
TrendMicro-HouseCall PAK_Generic.001 20120202
AhnLab-V3 20120201
AntiVir 20120201
Antiy-AVL 20120131
Avast 20120202
AVG 20120202
ByteHero 20120126
CAT-QuickHeal 20120202
ClamAV 20120202
Commtouch 20120201
Comodo 20120202
DrWeb 20120202
Emsisoft 20120202
eTrust-Vet 20120201
F-Prot 20120201
Fortinet 20120202
Ikarus 20120202
Jiangmin 20120201
K7AntiVirus 20120201
Kaspersky 20120202
McAfee 20120202
Microsoft 20120201
NOD32 20120202
Norman 20120201
Panda 20120201
PCTools 20120201
Prevx 20120202
Rising 20120118
Sophos 20120202
SUPERAntiSpyware 20120202
Symantec 20120202
VBA32 20120131
VIPRE 20120202
ViRobot 20120202
VirusBuster 20120202
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
File version 1.0.0.0
PE header basic information
Number of sections 3
PE sections
PE imports
OpenProcessToken
InitCommonControls
SetBkMode
LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
EnumProcesses
ShellExecuteA
ExifTool file metadata
UninitializedDataSize 135168
InitializedDataSize 20480
ImageVersion 1.0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet ASCII
LinkerVersion 2.56
MIMEType application/octet-stream
FileVersion 1.0.0.0
TimeStamp 2012:02:02 05:47:27+01:00
FileType Win32 EXE
PEType PE32
ProductVersion 1.0.0.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 81920
FileSubtype 0
ProductVersionNumber 1.0.0.0
EntryPoint 0x34ff0
ObjectFileType Executable application
File identification
MD5 c0776fe48afd67503c1f2181bdd9e071
SHA1 cb6289ac343ed14712e5c0997ae4f7480ee864fb
SHA256 fdddd696fb235cefa4b8bc41caa3578e90728553357a234e544fbea5d37c6e0c
ssdeep 1536:TWwm0iBGmqAbivvzMzZ7kdGduF94NN5VI7eYZ3EY8GUQSYC0ulZW:CVP7iTMHuF94JV4TUQtC
File size 94.0 KB ( 96256 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 EXE Yoda's Crypter (56.8%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
VirusTotal metadata
First submission 2012-02-02 05:42:37 UTC ( 5 years, 1 month ago )
Last submission 2012-02-02 19:10:16 UTC ( 5 years, 1 month ago )
File names Trainer-UPX-Mod.exe
c0776fe48afd67503c1f2181bdd9e071
file-3495617_exe