× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: fe10b26708a5846d75becaf15e30333d647c60fb71297839604d24cbd8a9b9d7
File name: cee0c21.exe
Detection ratio: 11 / 43
Analysis date: 2012-09-26 20:08:20 UTC ( 4 years, 6 months ago ) View latest
Antivirus Result Update
AhnLab-V3 Trojan/Win32.PornoAsset 20120926
BitDefender Trojan.Generic.KDV.741285 20120926
CAT-QuickHeal (Suspicious) - DNAScan 20120926
Commtouch W32/Falab.F16.gen!Eldorado 20120926
DrWeb Trojan.Necurs.97 20120926
ESET-NOD32 a variant of Win32/Kryptik.AMHS 20120926
F-Prot W32/Falab.F16.gen!Eldorado 20120926
F-Secure Gen:Variant.Symmi.1489 20120926
Fortinet W32/Kryptik.AB!tr 20120926
GData Trojan.Generic.KDV.741285 20120926
Kaspersky UDS:DangerousObject.Multi.Generic 20120926
Yandex 20120926
AntiVir 20120926
Antiy-AVL 20120926
Avast 20120926
AVG 20120926
ByteHero 20120920
ClamAV 20120926
Comodo 20120926
Emsisoft 20120919
eSafe 20120924
Ikarus 20120926
Jiangmin 20120925
K7AntiVirus 20120926
Kingsoft 20120925
McAfee 20120926
McAfee-GW-Edition 20120926
Microsoft 20120926
Norman 20120925
nProtect 20120926
Panda 20120926
PCTools 20120926
Rising 20120925
Sophos 20120926
SUPERAntiSpyware 20120911
Symantec 20120926
TheHacker 20120926
TotalDefense 20120926
TrendMicro 20120926
TrendMicro-HouseCall 20120926
VBA32 20120926
VIPRE 20120926
ViRobot 20120926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-03-26 07:06:26
Entry Point 0x000035EE
Number of sections 3
PE sections
PE imports
GetSystemWindowsDirectoryW
UrlIsOpaqueW
PathGetArgsA
Number of PE resources by type
RT_DIALOG 2
Number of PE resources by language
ENGLISH US 2
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

TimeStamp
2011:03:26 08:06:26+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
747008

LinkerVersion
10.0

EntryPoint
0x35ee

InitializedDataSize
58368

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 4c048bbef9c5ba4e0315a5eccb19ca10
SHA1 4c291d3a41b5c1769c479e3463ae2ac33be0083f
SHA256 fe10b26708a5846d75becaf15e30333d647c60fb71297839604d24cbd8a9b9d7
ssdeep
1536:j+wOaGz7dK6GTEGfVk7w7NGcQAHi35UpUOJTZ7S14AtE4nYEHhqDSvjZjEq4fF:KwEzEZEGfm6NTC3sJTu2aqDSl4fF

authentihash aba3278c0728f6455c546f8f07c5f75902a0488577ce7c2e06a0c1da229cb104
imphash 818054e6921fde141a8f094361d33405
File size 83.5 KB ( 85504 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2012-09-26 11:40:33 UTC ( 4 years, 6 months ago )
Last submission 2014-10-09 23:09:34 UTC ( 2 years, 5 months ago )
File names cee0c21.exe
calc.exe
vti-rescan
4c048bbef9c5ba4e0315a5eccb19ca10
wpbt0.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Runtime DLLs
UDP communications