SHA256: 4b20fd22d443cfcabe50c69da681dbd02790c68bf9c96143508f53512b6f6dcf
File name: Cluster Rybka 5.exe
Detection ratio: 0 / 50
Analysis date: 2014-02-19 23:53:15 UTC (4 years, 10 months ago)
Antivirus Result Update
Ad-Aware 20140219
Yandex 20140219
AhnLab-V3 20140219
AntiVir 20140219
Antiy-AVL 20140219
Avast 20140219
AVG 20140219
Baidu-International 20140219
BitDefender 20140219
Bkav 20140219
ByteHero 20140220
CAT-QuickHeal 20140219
ClamAV 20140219
CMC 20140213
Commtouch 20140219
Comodo 20140219
DrWeb 20140219
Emsisoft 20140219
ESET-NOD32 20140220
F-Prot 20140219
F-Secure 20140219
Fortinet 20140219
GData 20140219
Ikarus 20140219
Jiangmin 20140219
K7AntiVirus 20140219
K7GW 20140219
Kaspersky 20140219
Kingsoft 20140220
Malwarebytes 20140219
McAfee 20140219
McAfee-GW-Edition 20140219
Microsoft 20140220
eScan 20140220
NANO-Antivirus 20140219
Norman 20140219
nProtect 20140219
Panda 20140219
Qihoo-360 20140220
Rising 20140219
Sophos AV 20140220
SUPERAntiSpyware 20140219
Symantec 20140220
TheHacker 20140218
TotalDefense 20140219
TrendMicro 20140220
TrendMicro-HouseCall 20140219
VBA32 20140219
VIPRE 20140219
ViRobot 20140219
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem that targets 64bit architectures.
PE header basic information
Target machine x64
Compilation timestamp 2008-07-29 06:35:59
Entry Point 0x000D3560
Number of sections 5
PE sections
PE imports
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetDriveTypeA
FlsGetValue
FlsSetValue
FreeEnvironmentStringsA
CreatePipe
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
OpenFileMappingA
GetLogicalDrives
FreeEnvironmentStringsW
SetStdHandle
GetCPInfo
GetStringTypeA
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
InitializeCriticalSection
FindClose
SetLastError
PeekNamedPipe
GetNumberOfConsoleInputEvents
ExitProcess
FlushFileBuffers
GetModuleFileNameA
HeapSetInformation
RtlVirtualUnwind
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
DeleteCriticalSection
SetUnhandledExceptionFilter
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
WriteConsoleA
VirtualQuery
SetEndOfFile
GetCurrentThreadId
HeapCreate
WriteConsoleW
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
GetVersionExA
LoadLibraryA
GetStartupInfoA
GetProcAddress
GetProcessHeap
CompareStringW
FindFirstFileA
RtlLookupFunctionEntry
CompareStringA
CreateFileMappingA
DuplicateHandle
RtlUnwindEx
GetTimeZoneInformation
IsDebuggerPresent
GetFileType
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
FlushConsoleInputBuffer
LCMapStringW
UnmapViewOfFile
GetSystemInfo
GetConsoleCP
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
FlsAlloc
GetCommandLineA
FlsFree
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
RtlCaptureContext
CloseHandle
GetACP
CreateProcessA
WideCharToMultiByte
SetConsoleMode
Sleep
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
AMD AMD64

TimeStamp
2008:07:29 07:35:59+01:00

FileType
Win64 EXE

PEType
PE32+

CodeSize
951296

LinkerVersion
8.0

FileTypeExtension
exe

InitializedDataSize
1996800

SubsystemVersion
5.2

EntryPoint
0xd3560

OSVersion
4.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 e727fa7ec6f46a65ff22d427fb76de39
SHA1 5d231e8c849cc4650fb3e85f4791ab7e887f2f75
SHA256 4b20fd22d443cfcabe50c69da681dbd02790c68bf9c96143508f53512b6f6dcf
ssdeep
49152:KH+Jvlpt2cY+iJv/TnmQV7VJ/lptvSY+9JS/Tn54V7qTeqOMXJkPm+E0BiTkG:KH+Jvlpt2cY+iJv/TnmQV7VJ/lptvSY1

authentihash 04db34749386432fb4c204404b995f72913d830369302cac547cd010c9bdc8fe
imphash 09da4025e7cd1b136c55e457123776a0
File size 2.8 MB ( 2949120 bytes )
File type Win32 EXE
Magic literal
PE32+ executable for MS Windows (console) Mono/.Net assembly

TrID Win64 Executable (generic) (61.7%)
Windows screen saver (29.2%)
Generic Win/DOS Executable (4.4%)
DOS Executable Generic (4.4%)
Tags
64bits peexe assembly

VirusTotal metadata
First submission 2013-12-15 09:17:42 UTC (5 years ago)
Last submission 2017-04-16 07:52:08 UTC (1 year, 8 months ago)
File names Cluster Rybka 5.exe
Rybka 5 Cluster.exe
Cluster Rybka 5.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight