SHA256: 0532fdda6923b20813aa7fcd2016395fc3284a6ece7909a36d8c345d896fbfed
File name: 44.exe
Detection ratio: 6 / 57
Analysis date: 2015-06-15 10:07:41 UTC ( 3 years, 11 months ago )
Antivirus Result Update
Avast Win32:Malware-gen 20150615
Fortinet W32/Dridex.M!tr 20150615
Kaspersky UDS:DangerousObject.Multi.Generic 20150615
Qihoo-360 HEUR/QVM20.1.Malware.Gen 20150615
Rising PE:Malware.XPACK-LNR/Heur!1.5594 20150614
Tencent Trojan.Win32.YY.Gen.6 20150615
Ad-Aware 20150615
AegisLab 20150615
Yandex 20150614
AhnLab-V3 20150615
Alibaba 20150614
ALYac 20150615
Antiy-AVL 20150615
Arcabit 20150615
AVG 20150615
Avira (no cloud) 20150615
AVware 20150615
Baidu-International 20150615
BitDefender 20150615
Bkav 20150612
ByteHero 20150615
CAT-QuickHeal 20150615
ClamAV 20150615
CMC 20150610
Comodo 20150615
Cyren 20150615
DrWeb 20150615
Emsisoft 20150615
ESET-NOD32 20150615
F-Prot 20150615
F-Secure 20150615
GData 20150615
Ikarus 20150615
Jiangmin 20150614
K7AntiVirus 20150615
K7GW 20150615
Kingsoft 20150615
Malwarebytes 20150615
McAfee 20150615
McAfee-GW-Edition 20150614
Microsoft 20150615
eScan 20150615
NANO-Antivirus 20150614
nProtect 20150612
Panda 20150614
Sophos AV 20150615
SUPERAntiSpyware 20150615
Symantec 20150615
TheHacker 20150614
TotalDefense 20150615
TrendMicro 20150615
TrendMicro-HouseCall 20150615
VBA32 20150613
VIPRE 20150615
ViRobot 20150615
Zillya 20150615
Zoner 20150612
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 1997-2000, Pegasus Software, LLC
Product ImagXpress
Original name IMAGX5.DLL
Internal name ImagXpress
File version 5.00.017
Description ImagXpress Image Processing DLL
Comments http://www.pegasustools.com
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1990-08-04 02:13:09
Entry Point 0x00018F10
Number of sections 11
PE sections
PE imports
CreateWaitableTimerW
GetStdHandle
SetEnvironmentVariableW
ReadFile
CreateActCtxA
CreateJobSet
GetTimeFormatA
FreeConsole
CreateFileA
CopyFileExW
DnsHostnameToComputerNameA
MessageBoxA
SetWindowsHookExA
Number of PE resources by type
RT_CURSOR 35
RT_GROUP_CURSOR 34
RT_STRING 11
RT_BITMAP 4
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 86
PE resources
ExifTool file metadata
LegalTrademarks ImagXpress
SubsystemVersion 4.2
Comments http://www.pegasustools.com
LinkerVersion 2.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription ImagXpress Image Processing DLL
CharacterSet Unicode
InitializedDataSize 86016
EntryPoint 0x18f10
OriginalFileName IMAGX5.DLL
MIMEType application/octet-stream
LegalCopyright Copyright 1997-2000, Pegasus Software, LLC
FileVersion 5.00.017
TimeStamp 1990:08:04 03:13:09+01:00
FileType Win32 EXE
PEType PE32
InternalName ImagXpress
ProductVersion 5.00.017
UninitializedDataSize 8192
OSVersion 4.2
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Pegasus Software, LLC
CodeSize 24576
ProductName ImagXpress
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 4270bcfa447d96ccb41e486c74dd3d16
SHA1 efe09ce3ea87ac469aaac2b54078229cbb781f92
SHA256 0532fdda6923b20813aa7fcd2016395fc3284a6ece7909a36d8c345d896fbfed
ssdeep 1536:ViQu+xP0QqT6jraUJUeeGKlwioseV5ojXg9ul0msObhI7WuzQdD:wQu+JfPaUJUGmwFojXg9o0DOlbu89
authentihash 1db82084902e464df7589455a1f478a9a9c8862bbdb2efcc9feec39b2af20cbd
imphash e9897d303723c8deb98f68a3fffbf8cd
File size 140.0 KB ( 143360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
VXD Driver (0.2%)
Tags peexe
VirusTotal metadata
First submission 2015-06-15 08:25:56 UTC ( 3 years, 11 months ago )
Last submission 2015-10-26 10:47:53 UTC ( 3 years, 6 months ago )
File names wyq_g.ini
44.exe.1
44_exe
44.exe
0532fdda6923b20813aa7fcd2016395fc3284a6ece7909a36d8c345d896fbfed
ginkan86.exe
ginkan86.exe
44[1].exe.186078
ImagXpress
ce@conix.fr_20131230_174313.doc.exe
44(1).exe
IMAGX5.DLL
ginkan86.exe
ginkan86.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
HTTP requests
DNS requests
TCP connections