SHA256: 06705f6df520256247e48c0da4ab81147761ef5091b012d9d5438e5121ef1187
File name: pawf85q6.exe
Detection ratio: 10 / 58
Analysis date: 2017-02-28 01:22:20 UTC ( 1 year, 10 months ago )
Antivirus Result Update
Bkav W32.ConceptasDSAF.Trojan 20170227
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170130
Endgame malicious (high confidence) 20170222
Fortinet W32/Injector.DLTD!tr 20170227
Sophos ML virus.win32.sality.at 20170203
K7GW Hacktool ( 655367771 ) 20170227
nProtect Backdoor/W32.Androm.188258 20170227
Qihoo-360 HEUR/QVM07.1.0000.Malware.Gen 20170228
Symantec ML.Attribute.HighConfidence 20170227
Webroot Malicious 20170228
Ad-Aware 20170228
AegisLab 20170227
AhnLab-V3 20170227
Alibaba 20170227
ALYac 20170228
Antiy-AVL 20170227
Arcabit 20170227
Avast 20170227
AVG 20170227
Avira (no cloud) 20170227
AVware 20170227
Baidu 20170227
BitDefender 20170227
CAT-QuickHeal 20170227
ClamAV 20170227
CMC 20170227
Comodo 20170228
Cyren 20170227
DrWeb 20170227
Emsisoft 20170228
ESET-NOD32 20170228
F-Prot 20170228
F-Secure 20170227
GData 20170228
Ikarus 20170227
Jiangmin 20170227
K7AntiVirus 20170227
Kaspersky 20170227
Kingsoft 20170228
Malwarebytes 20170228
McAfee 20170225
McAfee-GW-Edition 20170228
Microsoft 20170228
eScan 20170227
NANO-Antivirus 20170228
Panda 20170227
Rising 20170227
Sophos AV 20170228
SUPERAntiSpyware 20170228
Tencent 20170228
TheHacker 20170223
TrendMicro 20170228
TrendMicro-HouseCall 20170228
Trustlook 20170228
VBA32 20170227
VIPRE 20170228
ViRobot 20170227
WhiteArmor 20170222
Yandex 20170225
Zillya 20170227
Zoner 20170227
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-10-15 03:17:25
Entry Point 0x0000852F
Number of sections 4
PE sections
Overlays
MD5 0ea56d8c5a30131b71b124fee89061a4
File type data
Offset 65536
Size 122722
Entropy 8.00
PE imports
GlobalSize
LocalFree
GetStartupInfoA
HeapFree
LocalLock
GlobalReAlloc
LocalAlloc
GetModuleHandleA
GlobalFree
GlobalHandle
GlobalLock
HeapAlloc
CreateFileA
GlobalUnlock
LocalUnlock
GlobalAlloc
GetModuleFileNameA
GetProcessHeap
__p__fmode
malloc
_acmdln
_ftol
__dllonexit
_except_handler3
_itoa
_onexit
exit
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
__p__commode
__CxxFrameHandler
_adjust_fdiv
free
__getmainargs
atof
_exit
_setmbcp
_initterm
_controlfp
__set_app_type
Number of PE resources by type
RT_STRING 14
RT_DIALOG 5
RT_ICON 4
RT_MENU 2
RT_GROUP_ICON 2
Struct(241) 1
RT_ACCELERATOR 1
RT_BITMAP 1
RT_VERSION 1
Number of PE resources by language
CHINESE SIMPLIFIED 31
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:10:15 04:17:25+01:00
FileType Win32 EXE
PEType PE32
CodeSize 98304
LinkerVersion 6.4
Warning Possibly corrupt Version resource
EntryPoint 0x852f
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

File identification
MD5 7fcbaa56418bce18287b16fd00fe9b2f
SHA1 2a95418b798b15221fecaf05c834613759e10378
SHA256 06705f6df520256247e48c0da4ab81147761ef5091b012d9d5438e5121ef1187
ssdeep 3072:I14dG4+H1yABxRvMP+oe1a4vecKh3gwAwn7b/516+KlMKojE9Iapgm2amuEiZQRZ:IsGHHQUYTeY42dN///51QGKoSZ28TWr9

authentihash 44db860b3dbe6801e494d4a677ce1b01f57f164f4ae2d7b7a3d085d9483ec62f
imphash 470804c5c478d6b4d2066d253d86776c
File size 183.8 KB ( 188258 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe overlay

VirusTotal metadata
First submission 2017-02-28 01:20:37 UTC ( 1 year, 10 months ago )
Last submission 2017-02-28 01:22:20 UTC ( 1 year, 10 months ago )
File names pawf85q6.exe