SHA256: d0eaa89c7f094c52fc758e43dbe0e122b67f4df392254b210a153a25ce8d2ae7
File name: GFilterSvc.exe
Detection ratio: 11 / 47
Analysis date: 2013-11-11 09:39:34 UTC ( 5 years, 6 months ago )
Antivirus Result Update
Yandex Adware.Agent!HxFp//oHj3g 20131110
AntiVir ADWARE/GFilter.Gen2 20131111
Antiy-AVL AdWare/Win32.Agent 20131107
Comodo ApplicUnwnt.Win32.AdWare.Agent.ZM 20131111
ESET-NOD32 a variant of Win32/Webprefix.B 20131111
F-Prot W32/AdAgent.AP.gen!Eldorado 20131111
Jiangmin Adware/Agent.iis 20131111
K7AntiVirus Adware 20131108
Kaspersky not-a-virus:AdWare.Win32.Agent.zne 20131111
nProtect Trojan-Clicker/W32.Agent.95232.G 20131110
VBA32 AdWare.Agent 20131111
AhnLab-V3 20131111
Avast 20131111
AVG 20131110
Baidu-International 20131111
BitDefender 20131111
Bkav 20131111
ByteHero 20131105
CAT-QuickHeal 20131111
ClamAV 20131111
Commtouch 20131111
DrWeb 20131111
Emsisoft 20131111
F-Secure 20131111
Fortinet 20131111
GData 20131111
Ikarus 20131111
K7GW 20131108
Kingsoft 20130829
Malwarebytes 20131111
McAfee 20131111
McAfee-GW-Edition 20131111
Microsoft 20131111
eScan 20131111
NANO-Antivirus 20131111
Norman 20131110
Panda 20131110
Rising 20131111
Sophos AV 20131111
SUPERAntiSpyware 20131110
Symantec 20131111
TheHacker 20131111
TotalDefense 20131108
TrendMicro 20131111
TrendMicro-HouseCall 20131111
VIPRE 20131111
ViRobot 20131111
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
File version 1.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-16 06:57:40
Entry Point 0x0000D1D6
Number of sections 3
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
OpenServiceA
QueryServiceConfigA
RegQueryValueExA
ControlService
RegCreateKeyExA
DeleteService
CryptHashData
CryptCreateHash
SetSecurityDescriptorDacl
CloseServiceHandle
OpenProcessToken
CreateServiceA
EnumServicesStatusExA
RegOpenKeyExA
GetTokenInformation
CryptReleaseContext
CryptAcquireContextA
SetServiceStatus
GetUserNameA
CryptDestroyHash
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
CryptGetHashParam
InitializeSecurityDescriptor
QueryServiceStatusEx
RegSetValueExA
StartServiceA
RegDeleteValueA
OpenSCManagerA
GetStdHandle
ReleaseMutex
WaitForSingleObject
GetExitCodeProcess
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
MapViewOfFileEx
FreeEnvironmentStringsW
GetTempPathA
GetCPInfo
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
QueryDosDeviceA
GetLogicalDriveStringsA
FreeLibraryAndExitThread
TlsGetValue
GetStringTypeExA
SetLastError
GetSystemTime
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
CreateMutexA
CreateThread
SetUnhandledExceptionFilter
MoveFileExA
TerminateProcess
VirtualQuery
GetCurrentThreadId
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
SetEvent
QueryPerformanceCounter
GetTickCount
TlsAlloc
GetVersionExA
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetFileSize
DeleteFileA
GetProcAddress
CreateFileMappingW
lstrcmpA
GetTempFileNameA
GetComputerNameA
ExpandEnvironmentStringsA
CreateEventW
CreateEventA
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
UnmapViewOfFile
lstrlenA
LCMapStringA
GetThreadLocale
GetEnvironmentStringsW
lstrlenW
GetEnvironmentStrings
GetCurrentProcessId
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
GetOEMCP
GetProcessImageFileNameA
ShellExecuteExA
PathRemoveArgsA
PathUnquoteSpacesA
PathFileExistsA
PathQuoteSpacesA
CharLowerA
CharNextA
wvsprintfA
LoadStringA
InternetCrackUrlA
InternetGetConnectedState
InternetCheckConnectionA
InternetCanonicalizeUrlA
CoUninitialize
CoInitialize
StringFromGUID2
PE exports
Number of PE resources by type
TEXT 1
RT_VERSION 1
Number of PE resources by language
GERMAN 2
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 9.0
ImageVersion 0.0
FileVersionNumber 1.0.0.1
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 13312
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2013:02:16 07:57:40+01:00
FileType Win32 EXE
PEType PE32
SubsystemVersion 5.0
OSVersion 5.0
FileOS Windows NT 32-bit
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CodeSize 84992
FileSubtype 0
ProductVersionNumber 1.0.0.1
EntryPoint 0xd1d6
ObjectFileType Dynamic link library
File identification
MD5 393917cdba2809623f72370de345cc3e
SHA1 8de96e95098bc9f41d04a50d17391e8e7b223a83
SHA256 d0eaa89c7f094c52fc758e43dbe0e122b67f4df392254b210a153a25ce8d2ae7
ssdeep 1536:l7NbPjPM6X97dSjy3ybBukw6kURlykZ+VLRyvQXR6Uu/Z/:l7RP7dd3yPMBRyvQXRfuB
File size 93.0 KB ( 95232 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2013-11-11 09:39:34 UTC ( 5 years, 6 months ago )
Last submission 2013-11-11 09:39:34 UTC ( 5 years, 6 months ago )
File names GFilterSvc.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight