SHA256: fc7c5ddb41bf8c47553fef87aec6a378cb015d41c56c4a020c9bd79b52947a81
File name: Shadow and Ash.exe
Detection ratio: 0 / 56
Analysis date: 2015-10-05 15:48:35 UTC (2 years, 2 months ago)
Antivirus Result Update
Ad-Aware 20151005
AegisLab 20151005
Yandex 20151004
AhnLab-V3 20151005
Alibaba 20150927
ALYac 20151005
Antiy-AVL 20151005
Arcabit 20151005
Avast 20151005
AVG 20151005
Avira (no cloud) 20151005
AVware 20151005
Baidu-International 20151005
BitDefender 20151005
Bkav 20151005
ByteHero 20151005
CAT-QuickHeal 20151005
ClamAV 20151002
CMC 20151005
Comodo 20151005
Cyren 20151005
DrWeb 20151005
Emsisoft 20151005
ESET-NOD32 20151005
F-Prot 20150929
F-Secure 20151005
Fortinet 20151005
GData 20151005
Ikarus 20151005
Jiangmin 20151003
K7AntiVirus 20151005
K7GW 20151005
Kaspersky 20151005
Kingsoft 20151005
Malwarebytes 20151005
McAfee 20151005
McAfee-GW-Edition 20151005
Microsoft 20151005
eScan 20151005
NANO-Antivirus 20151005
nProtect 20151005
Panda 20151005
Qihoo-360 20151005
Rising 20151004
Sophos AV 20151005
SUPERAntiSpyware 20151005
Symantec 20151005
Tencent 20151005
TheHacker 20151005
TrendMicro 20151005
TrendMicro-HouseCall 20151005
VBA32 20151005
VIPRE 20151005
ViRobot 20151005
Zillya 20151005
Zoner 20151005
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

Publisher ...
File version
Description
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-25 12:39:01
Entry Point 0x00005E10
Number of sections 4
PE sections
Overlays
MD5 cd45f778d641971c81df549263290b10
File type data
Offset 94208
Size 124211814
Entropy 7.99
PE imports
GetLastError
HeapFree
GetStdHandle
LCMapStringW
ReadFile
SetHandleCount
GetExitCodeProcess
LCMapStringA
HeapDestroy
HeapAlloc
IsBadWritePtr
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
HeapCompact
GetCurrentProcess
GetEnvironmentStrings
GetCurrentDirectoryA
CreateDirectoryA
DeleteFileA
CreateFileA
UnhandledExceptionFilter
MultiByteToWideChar
FreeEnvironmentStringsW
GetCPInfo
GetCommandLineA
GetProcAddress
GetFileType
GetModuleHandleA
GetTempPathA
WideCharToMultiByte
GetStringTypeA
SetFilePointer
FindFirstFileA
SetUnhandledExceptionFilter
WriteFile
GetStartupInfoA
CloseHandle
GetTempFileNameA
FindNextFileA
RemoveDirectoryA
GetACP
HeapReAlloc
GetStringTypeW
SetEnvironmentVariableA
GetOEMCP
TerminateProcess
CreateProcessA
GetEnvironmentVariableA
HeapCreate
VirtualFree
FindClose
Sleep
IsBadReadPtr
IsBadCodePtr
ExitProcess
GetVersion
VirtualAlloc
SetCurrentDirectoryA
wsprintfA
GetMessageA
DispatchMessageA
LoadStringA
MessageBoxA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
Number of PE resources by type
RT_ICON 9
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
6.0

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
49152

EntryPoint
0x5e10

MIMEType
application/octet-stream

TimeStamp
2008:06:25 13:39:01+01:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
40960

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 aad7d1290149d8ad8a14a3ba8c77ca9d
SHA1 b1f70dcd7a86c06cb4080982da0d3972a07a8594
SHA256 fc7c5ddb41bf8c47553fef87aec6a378cb015d41c56c4a020c9bd79b52947a81
ssdeep
3145728:q25KPU0awDmWTGCBq1NsI6+mylDVIreAp0g4jirhKEf:f5KPUF/s4WeA/4jirhZf

authentihash e00232cce8dbfc0b2ba07f27f189ebfc30f0e9acd23507a21ce437d55a066f28
imphash 3af4cfbd1aa2e14fd4d3ad1fb8182305
File size 118.5 MB ( 124306022 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe overlay

VirusTotal metadata
First submission 2015-10-05 15:48:35 UTC (2 years, 2 months ago)
Last submission 2015-10-05 15:48:35 UTC (2 years, 2 months ago)
File names Shadow and Ash.exe