SHA256: 4c4256ce34eaf7b614817850a01ac7b2a4c1bb2b2986dc521096b6a466ee61b3
File name: 2218019d6751079010f6fb1e5c50ef80
Detection ratio: 39 / 55
Analysis date: 2015-02-02 11:02:17 UTC ( 2 years, 9 months ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Kazy.339021 20150202
AhnLab-V3 Win-Trojan/Agent.133632.IT 20150202
Antiy-AVL Trojan[Backdoor]/Win32.Androm 20150202
Avast Win32:Trojan-gen 20150202
AVG Generic_r.DOX 20150202
Avira (no cloud) TR/Crypt.XPACK.Gen7 20150202
BitDefender Gen:Variant.Kazy.339021 20150202
CAT-QuickHeal TrojanDownloader.Kuluoz.D3 20150202
CMC Packed.Win32.Reveton.1!O 20150202
Comodo TrojWare.Win32.Kryptik.BVPL 20150202
Cyren W32/Trojan.EKGT-5412 20150202
DrWeb BackDoor.Kuluoz.4 20150202
Emsisoft Gen:Variant.Kazy.339021 (B) 20150202
ESET-NOD32 a variant of Win32/Kryptik.BVJU 20150202
F-Prot W32/Trojan3.HNC 20150202
F-Secure Gen:Variant.Kazy.339021 20150201
Fortinet W32/Asprox.B!tr 20150202
GData Gen:Variant.Kazy.339021 20150202
Ikarus Backdoor.Win32.Androm 20150202
K7AntiVirus Backdoor ( 0040f7921 ) 20150202
K7GW Backdoor ( 0040f7921 ) 20150130
Kaspersky Backdoor.Win32.Androm.bnwl 20150202
Malwarebytes Trojan.Downloader 20150202
McAfee Trojan-FDQB 20150202
McAfee-GW-Edition BehavesLike.Win32.Xorad.ch 20150202
Microsoft TrojanDownloader:Win32/Kuluoz.D 20150202
eScan Gen:Variant.Kazy.339021 20150202
NANO-Antivirus Trojan.Win32.Androm.ctpqeq 20150202
Norman Gamarue.BES 20150202
Panda Trj/Genetic.gen 20150201
Rising PE:Malware.FakeDOC@CV!1.9C3B 20150130
Sophos AV Troj/Bredo-AMJ 20150202
SUPERAntiSpyware Trojan.Agent/Gen-ZAccess 20150201
Symantec Trojan.Zeroaccess 20150202
TotalDefense Win32/Tnega.cMMAXM 20150201
TrendMicro BKDR_KULUOZ.SM99 20150202
TrendMicro-HouseCall BKDR_KULUOZ.SM99 20150202
VBA32 Backdoor.Androm 20150202
VIPRE Trojan.Win32.Kuluoz.bb (v) 20150202
AegisLab 20150202
Yandex 20150201
Alibaba 20150201
Baidu-International 20150202
Bkav 20150202
ByteHero 20150202
ClamAV 20150202
Jiangmin 20150131
Kingsoft 20150202
nProtect 20150130
Qihoo-360 20150202
Tencent 20150202
TheHacker 20150131
ViRobot 20150202
Zillya 20150202
Zoner 20150130
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 1999-2010, Masterra.

Publisher
Product Magic Collection for PostSmile
File version
Description Magic Collection for PostSmile Setup
Comments This installation was built with Inno Setup.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-02-18 19:41:30
Entry Point 0x00019EE0
Number of sections 4
PE sections
PE imports
SetSecurityDescriptorDacl
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyA
RegCloseKey
RegisterEventSourceW
RegSetValueExW
DeregisterEventSource
RegQueryValueExA
ReportEventW
RegOpenKeyExW
RegCreateKeyW
CloseEventLog
OpenEventLogW
ReadEventLogW
ClearEventLogW
RegOpenKeyExA
GetUserNameW
IsTextUnicode
RegQueryValueExW
InitializeSecurityDescriptor
CreateStatusWindowW
PrintDlgExW
GetOpenFileNameW
GetFileTitleW
ChooseFontW
GetSaveFileNameW
FindTextW
ReplaceTextW
CommDlgExtendedError
PageSetupDlgW
GetTextMetricsW
SetMapMode
TextOutW
CreateFontIndirectW
EnumFontsW
GetTextMetricsA
LPtoDP
GetDeviceCaps
DeleteDC
SetBkMode
EndDoc
StartPage
DeleteObject
GetObjectW
CreateDCW
GetTextExtentPointW
SetAbortProc
GetTextFaceW
GetStockObject
EndPage
GetTextExtentPoint32W
AbortDoc
SetWindowExtEx
SetViewportExtEx
SelectObject
StartDocW
WaitForSingleObject
GetFileAttributesW
GetLocalTime
GetCurrentProcess
LocalAlloc
SetErrorMode
GetFileInformationByHandle
lstrcatW
GetLocaleInfoW
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
FreeLibrary
LocalFree
FormatMessageW
LoadResource
FindClose
SetLastError
GetUserDefaultUILanguage
LocalLock
GetModuleFileNameW
ExitProcess
lstrcmpiW
UnhandledExceptionFilter
MultiByteToWideChar
FoldStringW
GetModuleHandleA
CreateThread
CreateSemaphoreW
MulDiv
TerminateProcess
SetUnhandledExceptionFilter
GlobalAlloc
SetEndOfFile
GetVersion
GetProcAddress
TerminateThread
SetEvent
QueryPerformanceCounter
GetTickCount
LoadLibraryA
GetStartupInfoA
GetWindowsDirectoryW
OpenProcess
GetWindowsDirectoryA
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
GetComputerNameW
CompareStringW
lstrcpyW
ExpandEnvironmentStringsW
FindFirstFileW
lstrcmpW
GlobalLock
LocalSize
CreateFileW
GetCurrentThreadId
LocalUnlock
GetLastError
LocalReAlloc
CreateFileMappingW
GetSystemInfo
GlobalFree
GetTimeFormatW
GlobalUnlock
lstrlenW
GetCurrentProcessId
ProcessIdToSessionId
GetCommandLineW
InterlockedCompareExchange
lstrcpynW
ReleaseSemaphore
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
UnmapViewOfFile
FindResourceExW
Sleep
OpenSemaphoreW
VirtualAlloc
DragAcceptFiles
DragQueryFileW
DragFinish
ShellAboutW
GetForegroundWindow
PostQuitMessage
SetActiveWindow
GetDC
GetCursorPos
ReleaseDC
GetDlgCtrlID
SendMessageW
GetClientRect
SetScrollPos
IsClipboardFormatAvailable
LoadImageW
GetWindowTextW
LoadAcceleratorsW
DestroyWindow
GetParent
UpdateWindow
GetMessageW
ShowWindow
GetMenuState
PeekMessageW
EnableWindow
SetWindowPlacement
CharUpperW
LoadIconW
ChildWindowFromPoint
TranslateMessage
GetDlgItemTextW
RegisterClassW
GetWindowPlacement
LoadStringW
IsIconic
GetSubMenu
SetTimer
UnhookWinEvent
IsDialogMessageW
CreateWindowExW
GetWindowLongW
CharNextW
SetFocus
RegisterWindowMessageW
DefWindowProcW
KillTimer
DefWindowProcA
GetSystemMetrics
SetWindowLongW
EnumChildWindows
CharLowerW
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CheckMenuItem
SetWindowTextW
GetDlgItem
ScreenToClient
LoadCursorA
LoadIconA
IsDlgButtonChecked
GetDesktopWindow
GetKeyboardLayout
LoadCursorW
GetSystemMenu
DispatchMessageW
SetForegroundWindow
OpenClipboard
DrawTextExW
EndDialog
SetWinEventHook
MessageBeep
MessageBoxW
GetMenu
RegisterClassExW
SetDlgItemTextA
MoveWindow
DialogBoxParamW
AppendMenuW
GetSysColor
SetDlgItemTextW
EnableMenuItem
WinHelpW
InvalidateRect
CallWindowProcW
GetFocus
wsprintfW
CloseClipboard
TranslateAcceleratorW
DefDlgProcW
SetCursor
wcsncmp
__p__fmode
malloc
realloc
_cexit
_snwprintf
calloc
isprint
swprintf
isdigit
_vsnwprintf
_except_handler3
wcslen
_c_exit
wcscmp
memcpy
__initenv
_wtol
exit
_XcptFilter
wprintf
__setusermatherr
wcsncpy
__p__commode
localtime
_acmdln
_wcsicmp
tolower
iswctype
_adjust_fdiv
_wmakepath
free
sprintf
_wsplitpath
__getmainargs
_wgetcwd
_controlfp
wcscat
strchr
swscanf
wcscpy
time
_initterm
_exit
_wtoi
__set_app_type
Number of PE resources by type
RT_STRING 6
RT_ICON 3
RT_VERSION 1
RT_RCDATA 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 5
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
This installation was built with Inno Setup.

InitializedDataSize
22528

ImageVersion
0.0

ProductName
Magic Collection for PostSmile

FileVersionNumber
0.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
9.0

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2014:02:18 20:41:30+01:00

FileType
Win32 EXE

PEType
PE32

FileAccessDate
2015:02:02 12:02:24+01:00

FileDescription
Magic Collection for PostSmile Setup

OSVersion
5.0

FileCreateDate
2015:02:02 12:02:24+01:00

FileOS
Win32

LegalCopyright
Copyright 1999-2010, Masterra.

MachineType
Intel 386 or later, and compatibles

CodeSize
110080

FileSubtype
0

ProductVersionNumber
0.0.0.0

EntryPoint
0x19ee0

ObjectFileType
Executable application

File identification
MD5 2218019d6751079010f6fb1e5c50ef80
SHA1 b90ee01b26880dfdf16bb4e6c65f609c87b65cc9
SHA256 4c4256ce34eaf7b614817850a01ac7b2a4c1bb2b2986dc521096b6a466ee61b3
ssdeep
3072:I3N8m6Kt/lL2jpNu1nLX9ljjjjjjjjjGSxm85yi7JR:ytwju1nLDxm8

authentihash e0b016e1b2664c1582742aa7d6b288789d7b0910b7b2955e9842c65b47d799c7
imphash dcb419a480197d69e60957dacb206a6d
File size 130.5 KB ( 133632 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.1%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags
peexe

VirusTotal metadata
First submission 2015-02-02 11:02:17 UTC ( 2 years, 9 months ago )
Last submission 2015-02-02 11:02:17 UTC ( 2 years, 9 months ago )
File names 2218019d6751079010f6fb1e5c50ef80
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs