Second file results:
(similar preamble about file already having been analysed)
(devil 1, angel 0)
SHA256: deef30e052eaa8220a8c9868aa45cc3532d6b5a4b34e439421d55c6a4d207f21
SHA1: 119c915604c4d8a5de3d7357dc2401fdddadbfd7
MD5: b9693ffe7ada752dbe588c0e004df4c4
File size: 72.0 KB ( 73728 bytes )
File name: _IsIcoRes.exe
File type: Win32 EXE
Detection ratio: 0 / 46
Analysis date: 2013-05-03 00:59:16 UTC ( 11 minutes ago )
Antivirus Result Update
Agnitum 20130502
AhnLab-V3 20130502
AntiVir 20130503
Antiy-AVL 20130502
Avast 20130503
AVG 20130502
BitDefender 20130503
ByteHero 20130430
CAT-QuickHeal 20130502
ClamAV 20130503
Commtouch 20130503
Comodo 20130503
DrWeb 20130503
Emsisoft 20130503
eSafe 20130501
ESET-NOD32 20130502
F-Prot 20130502
F-Secure 20130503
Fortinet 20130503
GData 20130503
Ikarus 20130503
Jiangmin 20130502
K7AntiVirus 20130502
K7GW 20130502
Kaspersky 20130503
Kingsoft 20130502
Malwarebytes 20130503
McAfee 20130503
McAfee-GW-Edition 20130502
Microsoft 20130503
MicroWorld-eScan 20130503
NANO-Antivirus 20130503
Norman 20130502
nProtect 20130502
Panda 20130502
PCTools 20130502
Sophos 20130503
SUPERAntiSpyware 20130503
Symantec 20130503
TheHacker 20130502
TotalDefense 20130502
TrendMicro 20130503
TrendMicro-HouseCall 20130503
VBA32 20130502
VIPRE 20130503
ViRobot 20130503
from the additional info tab:
ssdeep
768:SMAyAdTmPJbgqcnDccThMsBmsmBaEX3bsvL7cxjKcL9d:SdU81cc9MmIFXya9d
TrID
Win32 Executable MS Visual C++ (generic) (64.5%)
Win32 Dynamic Link Library (generic) (13.6%)
Win32 Executable (generic) (13.4%)
Generic Win/DOS Executable (4.1%)
DOS Executable Generic (4.1%)
PEiD packer identifier
Armadillo v1.71
ExifTool
SubsystemVersion.........: 4.0
InitializedDataSize......: 53248
ImageVersion.............: 0.0
ProductName..............: InstallShield
FileVersionNumber........: 12.0.0.58849
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 6.0
OriginalFilename.........: _IsIcoRes.exe
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 12.0.58849
TimeStamp................: 2007:01:20 07:15:38+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: _IsIcoRes.exe
FileAccessDate...........: 2013:05:03 01:59:41+01:00
ProductVersion...........: 12.0
FileDescription..........: InstallShield
OSVersion................: 4.0
FileCreateDate...........: 2013:05:03 01:59:41+01:00
FileOS...................: Windows NT 32-bit
LegalCopyright...........: Copyright (C) 2006 Macrovision Corporation
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Macrovision Corporation
CodeSize.................: 16384
FileSubtype..............: 0
ProductVersionNumber.....: 12.0.0.0
EntryPoint...............: 0x1005
ObjectFileType...........: Executable application
Sigcheck
publisher................: Macrovision Corporation
product..................: InstallShield
internal name............: _IsIcoRes.exe
copyright................: Copyright (C) 2006 Macrovision Corporation
original name............: _IsIcoRes.exe
file version.............: 12.0.58849
description..............: InstallShield
Portable Executable structural information
Compilation timedatestamp.....: 2007-01-20 06:15:38
Target machine................: Intel 386 or later processors and compatible processors
Entry point address...........: 0x00001005
PE Sections...................:
Name     Virtual Address   Virtual Size   Raw Size   Entropy   MD5
.text    4096              13742          16384      5.95      125d4361997b933c25cdfaa441c403f6
.rdata   20480             1952           4096       3.17      15e13969f0737bb4ec50592b029c02f2
.data    24576             10716          12288      0.36      9b57a8510b2e985a48115bbaee120bb5
.rsrc    36864             36676          36864      5.39      4ba0d276eb6299f76d3bfa93dc0a4dba
PE Imports....................:
[[KERNEL32.dll]]
HeapFree, GetStdHandle, LCMapStringW, SetHandleCount, GetOEMCP, LCMapStringA, HeapDestroy, ExitProcess, GetEnvironmentStringsW, GetVersionExA, GetModuleFileNameA, RtlUnwind, LoadLibraryA, FreeEnvironmentStringsA, GetStartupInfoA, GetEnvironmentStrings, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, WideCharToMultiByte, GetStringTypeA, GetModuleHandleA, WriteFile, GetCurrentProcess, GetACP, HeapReAlloc, GetStringTypeW, TerminateProcess, GetEnvironmentVariableA, HeapCreate, VirtualFree, GetFileType, HeapAlloc, GetVersion, VirtualAlloc
PE Resources..................:
Resource type Number of resources
RT_ICON 5
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Resource language Number of resources
NEUTRAL 7
ENGLISH US 1
Symantec Reputation
Suspicious.Insight
ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: www.clamav.net/index.php ··· &lang=en .
First seen by VirusTotal
2012-04-05 03:16:23 UTC ( 1 year ago )
Last seen by VirusTotal
2013-05-03 00:59:16 UTC ( 12 minutes ago )
File names (max. 25)
SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
ARPPRODUCTICON.exe
00D8E06B0033AE2820C20131601FE50015D6202D.exe
ARPPRODUCTICON.exe
SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
A0019751.exe
file-4563098_exe
_IsIcoRes.exe