SHA256: 05f4aa3d5df39c403a51237a6762c062c079480d974de61a4424d3c2d0b26d95
File name: d6f7g8.exe
Detection ratio: 3 / 54
Analysis date: 2015-10-28 09:39:38 UTC ( 2 years, 3 months ago )
Antivirus Result Update
Cyren W32/Agent.XL.gen!Eldorado 20151028
F-Prot W32/Agent.XL.gen!Eldorado 20151028
Qihoo-360 HEUR/QVM10.1.Malware.Gen 20151028
Ad-Aware 20151028
AegisLab 20151028
Yandex 20151027
AhnLab-V3 20151027
Alibaba 20151028
ALYac 20151028
Antiy-AVL 20151028
Arcabit 20151028
Avast 20151028
AVG 20151028
Avira (no cloud) 20151028
AVware 20151028
Baidu-International 20151028
BitDefender 20151028
ByteHero 20151028
CAT-QuickHeal 20151028
ClamAV 20151028
CMC 20151026
Comodo 20151028
DrWeb 20151028
Emsisoft 20151028
ESET-NOD32 20151028
F-Secure 20151028
Fortinet 20151028
GData 20151028
Ikarus 20151028
Jiangmin 20151027
K7AntiVirus 20151028
K7GW 20151028
Kaspersky 20151028
Malwarebytes 20151028
McAfee 20151028
McAfee-GW-Edition 20151028
Microsoft 20151028
eScan 20151028
NANO-Antivirus 20151028
nProtect 20151028
Panda 20151027
Rising 20151027
Sophos AV 20151028
SUPERAntiSpyware 20151028
Symantec 20151028
Tencent 20151028
TheHacker 20151026
TrendMicro 20151028
TrendMicro-HouseCall 20151028
VBA32 20151027
VIPRE 20151028
ViRobot 20151028
Zillya 20151027
Zoner 20151028
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-10-28 07:44:37
Entry Point 0x0000A56D
Number of sections 4
PE sections
PE imports
RegDeleteKeyA
RegCloseKey
RegQueryValueA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
ImageList_Destroy
PrintDlgA
GetOpenFileNameA
GetFileTitleA
ChooseColorA
CommDlgExtendedError
GetSaveFileNameA
SetMapMode
GetWindowOrgEx
SetTextAlign
GetTextMetricsA
CombineRgn
GetTextExtentPointA
EndDoc
IntersectClipRect
CreatePalette
EqualRgn
CreateDIBitmap
GetDIBits
ExtCreateRegion
GetEnhMetaFileBits
StretchDIBits
ScaleViewportExtEx
CloseMetaFile
SetViewportExtEx
SetBkColor
GetBkColor
SetRectRgn
DeleteEnhMetaFile
GetSystemPaletteEntries
OffsetRgn
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
LPtoDP
GetPixel
SetWindowExtEx
OffsetViewportOrgEx
SetBkMode
GetRegionData
BitBlt
GetDeviceCaps
MoveToEx
ScaleWindowExtEx
PtVisible
SelectPalette
EndPage
GetTextColor
Escape
DeleteObject
AddFontResourceA
GetWindowExtEx
PatBlt
CreatePen
GetClipBox
GetObjectA
CreateDCA
LineTo
DeleteDC
GetMapMode
StartPage
GetCharWidthA
RealizePalette
SetEnhMetaFileBits
SetDIBitsToDevice
RectVisible
GetStockObject
PlayEnhMetaFile
ExtTextOutA
GdiFlush
SelectClipRgn
GetTextAlign
GetTextExtentPoint32A
SetWindowOrgEx
GetViewportExtEx
CreatePolygonRgn
Polygon
SaveDC
RestoreDC
CreateBitmap
SetTextColor
CreateFontA
SetViewportOrgEx
CreateCompatibleDC
CreateRectRgn
RemoveFontResourceA
SelectObject
StartDocA
Ellipse
CreateSolidBrush
DPtoLP
AbortDoc
CreateCompatibleBitmap
DeleteMetaFile
GetStdHandle
GetConsoleOutputCP
FileTimeToSystemTime
GetFileAttributesA
SetEvent
GetDriveTypeA
HeapDestroy
IsValidLocale
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
GetLocaleInfoA
LocalAlloc
lstrcatA
SetErrorMode
VirtualLock
MultiByteToWideChar
GetLocaleInfoW
SetFileAttributesA
GetFileTime
GetTempPathA
GetCPInfo
GetProcAddress
GetStringTypeA
GetSystemTimeAsFileTime
WriteFile
WaitForSingleObject
SetStdHandle
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
ResumeThread
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
OutputDebugStringA
SetLastError
GetSystemTime
LocalLock
IsDebuggerPresent
ExitProcess
GetVersionExA
GetModuleFileNameA
RaiseException
FreeLibrary
GetVolumeInformationA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
SetHandleCount
UnhandledExceptionFilter
InterlockedDecrement
GlobalFindAtomA
CreateMutexA
GetModuleHandleA
HeapAlloc
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
UnlockFile
GetSystemDirectoryA
SetEnvironmentVariableA
SetPriorityClass
TerminateProcess
GlobalFlags
WriteConsoleA
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
OpenProcess
TerminateThread
lstrcmpiA
GetExitCodeProcess
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
ExitThread
Process32Next
GlobalSize
GetStartupInfoA
GetDateFormatA
GetFileSize
LCMapStringW
Process32First
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
WaitForMultipleObjects
CompareStringW
GlobalReAlloc
FreeEnvironmentStringsW
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
GetTimeFormatA
CreateFileMappingA
FindNextFileA
GlobalMemoryStatus
DuplicateHandle
GlobalLock
GetTimeZoneInformation
CreateEventA
CopyFileA
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LocalUnlock
LeaveCriticalSection
GetLastError
LocalReAlloc
DosDateTimeToFileTime
GlobalDeleteAtom
HeapCreate
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
SetFileTime
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
OpenMutexA
SuspendThread
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
GetProcessVersion
CloseHandle
lstrcpynA
EnumSystemLocalesA
GetACP
GetModuleHandleW
SizeofResource
CreateProcessA
IsValidCodePage
UnmapViewOfFile
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
CompareStringA
ShellExecuteExA
DragAcceptFiles
DragQueryFileA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
IsWindowUnicode
SetWindowRgn
GetWindowRgn
PostMessageA
HideCaret
EnumWindows
ReleaseCapture
KillTimer
ExcludeUpdateRgn
ShowWindow
GetPropA
SetWindowPos
GetParent
GetWindowThreadProcessId
GetSystemMetrics
IsWindow
DispatchMessageA
EnableWindow
SetCapture
SetRectEmpty
PeekMessageA
DrawIcon
TranslateMessage
GetSysColor
GetMenuItemID
ReleaseDC
SetWindowTextA
ShowCaret
GetMenu
GetWindowLongA
SetParent
SetClipboardData
GetWindowPlacement
SendMessageA
GetClientRect
CreateWindowExA
BringWindowToTop
RealGetWindowClassA
InvalidateRect
GetSubMenu
SetTimer
LoadCursorA
LoadIconA
GetTopWindow
DefDlgProcA
AdjustWindowRect
WaitForInputIdle
GetDesktopWindow
InflateRect
CallWindowProcA
GetDC
InvalidateRgn
DestroyWindow
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
timeKillEvent
waveOutReset
waveInOpen
waveOutUnprepareHeader
waveOutGetDevCapsA
timeSetEvent
mixerGetLineControlsA
mciSendStringA
waveOutGetPosition
mixerGetLineInfoA
mixerGetNumDevs
waveOutOpen
waveInPrepareHeader
waveInGetDevCapsA
waveOutGetNumDevs
waveOutClose
waveInAddBuffer
timeGetTime
waveInClose
waveInGetNumDevs
mixerGetDevCapsA
mixerOpen
mixerSetControlDetails
mixerClose
waveOutPrepareHeader
waveInUnprepareHeader
mciGetErrorStringA
mixerGetControlDetailsA
waveInStart
waveOutWrite
mciSendCommandA
waveInReset
OpenPrinterA
DocumentPropertiesA
ClosePrinter
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
StgOpenStorageOnILockBytes
CLSIDFromString
CoCreateInstance
CoFreeUnusedLibraries
CLSIDFromProgID
CoGetClassObject
CoRegisterMessageFilter
OleIsCurrentClipboard
StgCreateDocfileOnILockBytes
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
Number of PE resources by type
RT_BITMAP 1
RT_MANIFEST 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2015:10:28 08:44:37+01:00
FileType Win32 EXE
PEType PE32
CodeSize 104960
LinkerVersion 9.0
EntryPoint 0xa56d
InitializedDataSize 176640
SubsystemVersion 5.0
ImageVersion 0.0
OSVersion 5.0
UninitializedDataSize 0
Compressed bundles
File identification
MD5 f741f446f2623e98c3146303a8b2e66d
SHA1 4d1d373a17b59abd107c1591dd0516e5aa7e5108
SHA256 05f4aa3d5df39c403a51237a6762c062c079480d974de61a4424d3c2d0b26d95
ssdeep 3072:7QDEPyODn5IlsOfqFTJzpFnxSJ3NLNfGjnQAcI4ZCF81uk:nyI52CdnSGjnQAc5D1uk
authentihash 3d03077fd47197b44aea952bc4dfe454b443e34afe61ad2a2b3e8c0f600164e2
imphash 4467cd1aa18515ebdfc5cccf1b4b3f56
File size 276.0 KB ( 282624 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-10-28 09:11:04 UTC ( 2 years, 3 months ago )
Last submission 2015-12-13 07:53:02 UTC ( 2 years, 2 months ago )
File names hh.exe
helppane.exe
d6f7g8.exe
explorer.exe
d6f7g8[1].exe
d6f7g8_exe
winhlp32.exe
regedit.exe
filename
05f4aa3d5df39c403a51237a6762c062c079480d974de61a4424d3c2d0b26d95.exe
Advanced heuristic and reputation engines
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Deleted files
Created processes
Created mutexes
Opened mutexes
Runtime DLLs
Additional details
The file uses the IsDebuggerPresent Windows API function in order to see whether it is being debugged.