SHA256: 08584b4cd9e2b764b16cbf0c3998f0035ed44435256cd7be5acd99b154e28618
File name: flashwin.exe
Detection ratio: 27 / 69
Analysis date: 2018-12-06 00:20:42 UTC ( 5 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.TDss.78 20181205
ALYac Gen:Variant.TDss.78 20181205
Arcabit Trojan.TDss.78 20181205
BitDefender Gen:Variant.TDss.78 20181205
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181022
Cybereason malicious.680e21 20180225
Cylance Unsafe 20181206
eGambit Unsafe.AI_Score_56% 20181206
Emsisoft Gen:Variant.TDss.78 (B) 20181205
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/Kryptik.GNGA 20181205
F-Secure Gen:Variant.TDss.78 20181205
GData Gen:Variant.TDss.78 20181205
Sophos ML heuristic 20181128
Kaspersky UDS:DangerousObject.Multi.Generic 20181205
Malwarebytes Trojan.Agent 20181205
MAX malware (ai score=88) 20181206
Microsoft Trojan:Win32/Pynamer.B!ac 20181205
eScan Gen:Variant.TDss.78 20181205
Qihoo-360 HEUR/QVM20.1.AC09.Malware.Gen 20181206
Rising Malware.Obscure/Heur!1.A89E (CLASSIC) 20181205
SentinelOne (Static ML) static engine - malicious 20181011
Trapmine malicious.moderate.ml.score 20181205
TrendMicro Possible_HPGen-32a 20181206
TrendMicro-HouseCall Possible_HPGen-32a 20181206
VBA32 BScope.Worm.Zhelatin 20181205
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20181205
AegisLab 20181205
AhnLab-V3 20181205
Alibaba 20180921
Antiy-AVL 20181205
Avast 20181205
Avast-Mobile 20181205
AVG 20181205
Avira (no cloud) 20181205
Babable 20180918
Baidu 20181205
Bkav 20181205
CAT-QuickHeal 20181205
ClamAV 20181205
CMC 20181205
Comodo 20181205
Cyren 20181205
DrWeb 20181205
F-Prot 20181205
Fortinet 20181205
Ikarus 20181205
Jiangmin 20181205
K7AntiVirus 20181205
K7GW 20181205
Kingsoft 20181206
McAfee 20181205
McAfee-GW-Edition 20181205
NANO-Antivirus 20181205
Palo Alto Networks (Known Signatures) 20181206
Panda 20181205
Sophos AV 20181205
SUPERAntiSpyware 20181205
Symantec 20181205
Symantec Mobile Insight 20181204
TACHYON 20181205
Tencent 20181206
TheHacker 20181202
TotalDefense 20181206
Trustlook 20181206
ViRobot 20181205
Webroot 20181206
Yandex 20181204
Zillya 20181204
Zoner 20181205
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyright © 2000-2009 Heaventools Software
Product PE Explorer
Original name pexplorer.exe
Internal name PE Explorer
File version 1.99.6.1400
Description PE Explorer
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-08-19 05:16:00
Entry Point 0x0000857D
Number of sections 6
PE sections
PE imports
GetStdHandle
GetPrivateProfileSectionNamesW
ReplaceFileW
GetFileAttributesW
GetPrivateProfileStructW
DeleteCriticalSection
WritePrivateProfileStructW
GetConsoleMode
UnhandledExceptionFilter
_llseek
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
GetCPInfo
_hwrite
GetTempPathW
_lopen
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
FreeLibrary
GetProfileIntW
FindClose
TlsGetValue
MoveFileW
SetFileAttributesW
EncodePointer
SetLastError
TlsAlloc
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
SetFileShortNameW
GetProfileSectionW
WritePrivateProfileSectionW
EnumSystemLocalesW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
WriteProfileStringW
GetPrivateProfileStringW
_lclose
GetFullPathNameW
MoveFileExW
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetFileInformationByHandle
DecodePointer
TerminateProcess
SearchPathW
GetModuleHandleExW
ReadConsoleW
GetCurrentThreadId
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
MoveFileWithProgressW
GetOEMCP
QueryPerformanceCounter
SetFileApisToANSI
VirtualProtect
FlushFileBuffers
RtlUnwind
GetFileSize
SetFileValidData
GetStartupInfoW
_hread
GetUserDefaultLCID
_lread
GetProcessHeap
GetTempFileNameW
GetProfileStringW
GetFileSizeEx
GetBinaryTypeW
_lcreat
FindNextFileW
IsValidLocale
FindFirstFileExW
GetProcAddress
GetPrivateProfileSectionW
GetPrivateProfileIntW
CreateFileW
SetFileApisToOEM
WriteProfileSectionW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LCMapStringW
GetShortPathNameW
GetConsoleCP
GetEnvironmentStringsW
OpenFile
_lwrite
GetCurrentProcessId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
WritePrivateProfileStringW
RaiseException
TlsFree
ReadFile
CloseHandle
GetACP
GetModuleHandleW
SwitchToThread
GetLongPathNameW
IsValidCodePage
WriteFile
GetOpenClipboardWindow
GetComboBoxInfo
DlgDirListComboBoxW
keybd_event
GetWindowTextW
GetClipboardOwner
GetShellWindow
GetTitleBarInfo
SetClipboardViewer
GetParent
GetWindowThreadProcessId
GetClipboardViewer
GetWindowRect
GetKBCodePage
LookupIconIdFromDirectory
DlgDirSelectComboBoxExW
LoadKeyboardLayoutW
GetClipboardFormatNameW
GetClipboardData
LookupIconIdFromDirectoryEx
IsWindowEnabled
GetWindow
GetClipboardSequenceNumber
RegisterClipboardFormatW
GetKeyState
GetProcessDefaultLayout
SetClipboardData
GetLastActivePopup
GetWindowPlacement
GetWindowModuleFileNameW
GetKeyboardLayoutList
GetGUIThreadInfo
ClientToScreen
ActivateKeyboardLayout
GetKeyNameTextW
GetPriorityClipboardFormat
IsClipboardFormatAvailable
GetLayeredWindowAttributes
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayout
GetTopWindow
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LoadIconW
GetWindowTextLengthW
LoadAcceleratorsW
GetWindowInfo
TranslateAcceleratorW
OpenClipboard
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 5.1
InitializedDataSize 109056
ImageVersion 0.0
ProductName PE Explorer
FileVersionNumber 1.99.6.1400
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x0000
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
LinkerVersion 14.16
FileTypeExtension exe
OriginalFileName pexplorer.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 1.99.6.1400
TimeStamp 2006:08:19 07:16:00+02:00
FileType Win32 EXE
PEType PE32
InternalName PE Explorer
ProductVersion 1.99.6.1400
FileDescription PE Explorer
OSVersion 5.1
FileOS Win32
LegalCopyright Copyright 2000-2009 Heaventools Software
MachineType Intel 386 or later, and compatibles
CompanyName Heaventools Software
CodeSize 140800
FileSubtype 0
ProductVersionNumber 1.99.6.1400
EntryPoint 0x857d
ObjectFileType Executable application

File identification
MD5 1beb46d680e211e7575807a7daeea929
SHA1 3e77ebd56359509b3e470d8c0f01c544baabfb18
SHA256 08584b4cd9e2b764b16cbf0c3998f0035ed44435256cd7be5acd99b154e28618
ssdeep 12288:Qx1QJ4+SUNMFtlTaYktRYJIRk5bgv/hk5+h1mwPj:Q4CXFtlGgJIRk5bU/hYKmW
authentihash 1d95885490ec6d875c1fa1ed3c65ee06e69ac84f68c912434367009922b3eea7
imphash a5233bddcf216467ca5f0b503fb3e687
File size 460.0 KB ( 471040 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags peexe
VirusTotal metadata
First submission 2018-12-06 00:20:42 UTC ( 5 months, 2 weeks ago )
Last submission 2018-12-06 00:20:42 UTC ( 5 months, 2 weeks ago )
File names flashwin.exe
PE Explorer
pexplorer.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Moved files
Replaced files
Created processes
Opened mutexes
Runtime DLLs