SHA256: 03b86ce2c08e2cc78d76d3d3dd173986b498b055c3c19e13a97a7c3c674772c6
File name: optipng.exe
Detection ratio: 2 / 67
Analysis date: 2017-11-18 02:10:57 UTC ( 8 hours, 13 minutes ago )
Antivirus Result Update
Cylance Unsafe 20171118
TheHacker Posible_Worm32 20171117
Ad-Aware 20171118
AegisLab 20171118
AhnLab-V3 20171117
Alibaba 20170911
ALYac 20171118
Antiy-AVL 20171118
Arcabit 20171117
Avast 20171118
Avast-Mobile 20171117
AVG 20171118
Avira (no cloud) 20171117
Baidu 20171117
BitDefender 20171118
Bkav 20171117
CAT-QuickHeal 20171117
ClamAV 20171118
CMC 20171117
Comodo 20171118
CrowdStrike Falcon (ML) 20171016
Cybereason 20171103
Cyren 20171118
DrWeb 20171118
eGambit 20171118
Emsisoft 20171118
Endgame 20171024
ESET-NOD32 20171118
F-Prot 20171118
F-Secure 20171118
Fortinet 20171118
GData 20171118
Ikarus 20171117
Sophos ML 20170914
Jiangmin 20171117
K7AntiVirus 20171117
K7GW 20171118
Kaspersky 20171118
Kingsoft 20171118
Malwarebytes 20171118
MAX 20171118
McAfee 20171118
McAfee-GW-Edition 20171118
Microsoft 20171118
eScan 20171118
NANO-Antivirus 20171118
nProtect 20171118
Palo Alto Networks (Known Signatures) 20171118
Panda 20171117
Qihoo-360 20171118
Rising 20171118
SentinelOne (Static ML) 20171113
Sophos AV 20171118
SUPERAntiSpyware 20171118
Symantec 20171117
Symantec Mobile Insight 20171117
Tencent 20171118
TotalDefense 20171117
TrendMicro 20171118
TrendMicro-HouseCall 20171118
Trustlook 20171118
VBA32 20171117
VIPRE 20171118
ViRobot 20171117
Webroot 20171118
WhiteArmor 20171104
Yandex 20171116
Zillya 20171117
ZoneAlarm by Check Point 20171118
Zoner 20171118
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
Packers identified
F-PROT UPX_LZMA
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-04-03 15:39:00
Entry Point 0x00050340
Number of sections 3
PE sections
PE imports
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows command line

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:04:03 16:39:00+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
102400

LinkerVersion
2.25

EntryPoint
0x50340

InitializedDataSize
4096

SubsystemVersion
4.0

ImageVersion
1.0

OSVersion
4.0

UninitializedDataSize
225280

Execution parents
Compressed bundles
File identification
MD5 79c7398b538c898357078fda0652c022
SHA1 3f5318afb31c3dbdd6ec5cdd3dbe578453e6d58e
SHA256 03b86ce2c08e2cc78d76d3d3dd173986b498b055c3c19e13a97a7c3c674772c6
ssdeep
1536:YXpWNiukq6Hv7PCz30VvvjHcd0arYYhO+tO04ST3rKbXnHM93inWVihZAnouy8:1NQhHvjCz309bq0arVFALSEns5Yoout

authentihash b326138713dc9bf828a8572756ca4ac6dd752dc6d94a79adf96baf752bd19b4f
imphash 4bfd1be901a4c0d571291552b2d7a34c
File size 101.0 KB ( 103424 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (console) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (39.3%)
Win32 EXE Yoda's Crypter (38.6%)
Win32 Dynamic Link Library (generic) (9.5%)
Win32 Executable (generic) (6.5%)
Generic Win/DOS Executable (2.9%)
Tags
peexe

VirusTotal metadata
First submission 2016-04-04 16:22:33 UTC ( 1 year, 7 months ago )
Last submission 2017-11-14 13:08:16 UTC ( 3 days, 21 hours ago )
File names optipng.exe
optipng.ex~
optipngEXE
is-dr94n.tmp
navce0b.tmp
cgi2-tracer-optipng.exe
nava8b2.tmp
OptiPNG.exe
B
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Runtime DLLs
UDP communications