SHA256: c6221e19d2df42f2e1318a3c74c035802cb9dcc86923bd6c49f23bb13c130a86
File name: dot.exe
Detection ratio: 6 / 47
Analysis date: 2013-11-12 14:21:10 UTC ( 5 years, 6 months ago )
Antivirus Result Update
ESET-NOD32 a variant of Win32/Kryptik.BORN 20131112
Fortinet W32/Small.BS!tr.dldr 20131112
Kaspersky UDS:DangerousObject.Multi.Generic 20131112
Malwarebytes Trojan.Dropper 20131112
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.J!81 20131111
Sophos AV Mal/EncPk-ZC 20131112
Yandex 20131111
AhnLab-V3 20131112
AntiVir 20131112
Antiy-AVL 20131112
Avast 20131112
AVG 20131112
Baidu-International 20131112
BitDefender 20131112
Bkav 20131112
ByteHero 20131111
CAT-QuickHeal 20131112
ClamAV 20131112
Commtouch 20131112
Comodo 20131112
DrWeb 20131112
Emsisoft 20131112
F-Prot 20131112
F-Secure 20131112
GData 20131112
Ikarus 20131112
Jiangmin 20131112
K7AntiVirus 20131111
K7GW 20131111
Kingsoft 20130829
McAfee 20131112
Microsoft 20131112
eScan 20131112
NANO-Antivirus 20131111
Norman 20131112
nProtect 20131112
Panda 20131111
Rising 20131112
SUPERAntiSpyware 20131112
Symantec 20131112
TheHacker 20131112
TotalDefense 20131111
TrendMicro 20131112
TrendMicro-HouseCall 20131112
VBA32 20131112
VIPRE 20131112
ViRobot 20131112
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2004-04-02 03:16:10
Entry Point 0x00001000
Number of sections 5
PE sections
PE imports
ExcludeClipRect
UpdateColors
CreateBitmap
GetTextExtentPoint32A
GetStockObject
TextOutA
CreateSolidBrush
IntersectClipRect
SetBkColor
CreateCompatibleDC
DeleteObject
RealizePalette
Rectangle
ImmGetContext
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontA
acmStreamOpen
acmStreamConvert
GetModuleHandleA
HeapCreate
FreeLibrary
HeapAlloc
ExitProcess
GetProcAddress
GetMessageA
CreateWindowExA
GetDoubleClickTime
LoadIconA
UpdateWindow
DispatchMessageA
GetQueueStatus
PostQuitMessage
DefWindowProcA
RegisterClassA
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
CodeSize 2048
SubsystemVersion 5.1
LinkerVersion 10.0
ImageVersion 0.0
ProductName Go
FileVersionNumber 5.2.1.2
LanguageCode Neutral 2
FileFlagsMask 0x0000
CharacterSet Unknown (0025)
InitializedDataSize 79872
FileTypeExtension exe
OriginalFileName gog.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 5.2.1.2
TimeStamp 2004:04:02 04:16:10+01:00
FileType Win32 EXE
PEType PE32
InternalName go.exe
FileDescrsiption go .exe
ProductVersion 5.2.1.3
UninitializedDataSize 0
OSVersion 5.1
FileOS Windows NT 32-bit
LegalCopyright Copyright (C) 2010
MachineType Intel 386 or later, and compatibles
CompanyName MS Corp
LegalTrademarks Legal
FileSubtype 0
ProductVersionNumber 5.2.1.3
EntryPoint 0x1000
ObjectFileType Executable application

File identification
MD5 b0dbfd7e359d4830d7ff4a5f40a78204
SHA1 6819cab0705ffc8aef4f8952c5bab41769b713fd
SHA256 c6221e19d2df42f2e1318a3c74c035802cb9dcc86923bd6c49f23bb13c130a86
ssdeep 1536:oi9iGOzmofv9niGJb0+CwtsSpW4O4E3ot/8i8VWm3eXDXv91n0iILmllnCSQqq+5:oOPONv9niGJbVtscxZp8NUL11n0iWm+s

authentihash 24adbcb764098c25e29ed06f0e5ac4f8f19b490382652d5aae37689d551111cd
imphash 58379234ce2a92d329d58cacb1287fb8
File size 81.0 KB ( 82944 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.2%)
Win32 Executable (generic) (11.7%)
Win16/32 Executable Delphi generic (5.4%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags peexe

VirusTotal metadata
First submission 2013-11-12 14:21:10 UTC ( 5 years, 6 months ago )
Last submission 2014-01-06 19:06:59 UTC ( 5 years, 4 months ago )
File names dot.exe
gofkiwazosor.exe
gofkiwazosor.exe123
17000580
output.17000580.txt
1iBsAfGHF.odt
2jfbUOI.vbs
c6221e19d2df42f2e1318a3c74c035802cb9dcc86923bd6c49f23bb13c130a86
aa
dot.exe
gofkiwazosor.exe1
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana dll-injection

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Set keys
Created processes
Terminated processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections
UDP communications