SHA256: 0e354d769c76f1a3161c4f49791914d0ae4172c6efaeb60eb457e105f65d3e7a
Detection ratio: 13 / 53
Analysis date: 2017-10-09 14:47:22 UTC ( 1 week, 3 days ago )
Antivirus Result Update
AegisLab Troj.VBS.Crypt.towh 20171009
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9960 20170930
CAT-QuickHeal Trojan.IGENERIC 20171009
Cyren W32/S-69330c25!Eldorado 20171009
Endgame malicious (high confidence) 20170821
F-Prot W32/S-69330c25!Eldorado 20171009
Sophos ML heuristic 20170914
Jiangmin TrojanSpy.Zbot.ctcu 20171009
NANO-Antivirus Trojan.Win32.GenericKD.etipop 20171009
Palo Alto Networks (Known Signatures) generic.ml 20171009
SentinelOne (Static ML) static engine - malicious 20171001
Sophos AV NirCmd (PUA) 20171009
Symantec Trojan.Gen.2 20171009
Ad-Aware 20171009
AhnLab-V3 20171009
Alibaba 20170911
ALYac 20171009
Arcabit 20171009
Avast 20171009
Avast-Mobile 20171009
AVG 20171009
Avira (no cloud) 20171009
BitDefender 20171009
Bkav 20171009
ClamAV 20171009
CrowdStrike Falcon (ML) 20170804
Cylance 20171009
DrWeb 20171009
Emsisoft 20171009
ESET-NOD32 20171009
Fortinet 20171009
GData 20171009
Ikarus 20171009
K7AntiVirus 20171009
K7GW 20171009
Kaspersky 20171009
Kingsoft 20171009
Malwarebytes 20171009
MAX 20171009
eScan 20171009
nProtect 20171009
Panda 20171009
Qihoo-360 20171009
SUPERAntiSpyware 20171009
Symantec Mobile Insight 20171006
Tencent 20171009
TheHacker 20171007
Trustlook 20171009
ViRobot 20171009
Webroot 20171009
WhiteArmor 20170927
Yandex 20171006
Zillya 20171009
ZoneAlarm by Check Point 20171009
Zoner 20171009
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Packers identified
F-PROT Unicode, ZIP, appended, UPX_LZMA, Aspack, RAR, UTF-8, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-08-14 19:15:54
Entry Point 0x0000FCE7
Number of sections 6
PE sections
Overlays
MD5 52247cd4f67be9292e24fe821e650ef7
File type application/zip
Offset 206848
Size 49854990
Entropy 7.99
PE imports
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindNextFileA
EncodePointer
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
OpenFileMappingW
GetConsoleMode
FreeEnvironmentStringsW
InitializeSListHead
GetLocaleInfoW
SetStdHandle
SetFilePointerEx
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
AllocConsole
TlsGetValue
MoveFileW
SetFileAttributesW
SetLastError
GetModuleFileNameW
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
QueryPerformanceFrequency
LoadLibraryExA
FindClose
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FoldStringW
GetFullPathNameW
SetEnvironmentVariableW
MoveFileExW
GetSystemDirectoryW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TzSpecificLocalTimeToSystemTime
TerminateProcess
GetModuleHandleExW
SetCurrentDirectoryW
VirtualQuery
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
GetNumberFormatW
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
RtlUnwind
DecodePointer
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
ExpandEnvironmentStringsW
FindFirstFileExA
FindNextFileW
FreeConsole
FindFirstFileW
CreateFileW
GetFileType
TlsSetValue
HeapAlloc
LeaveCriticalSection
GetLastError
AttachConsole
SystemTimeToFileTime
LCMapStringW
GetSystemInfo
GetConsoleCP
FindResourceW
CompareStringW
GetEnvironmentStringsW
IsDBCSLeadByte
GlobalAlloc
FileTimeToLocalFileTime
GetCurrentDirectoryW
GetCurrentProcessId
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
RaiseException
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
UnmapViewOfFile
GetTempPathW
Sleep
GetOEMCP
Number of PE resources by type
RT_STRING 10
RT_DIALOG 6
RT_ICON 1
RT_MANIFEST 1
RT_BITMAP 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 18
NEUTRAL DEFAULT 2
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2016:08:14 20:15:54+01:00
FileType Win32 EXE
PEType PE32
CodeSize 135168
LinkerVersion 14.0
EntryPoint 0xfce7
InitializedDataSize 70656
SubsystemVersion 5.1
ImageVersion 0.0
OSVersion 5.1
UninitializedDataSize 0

Compressed bundles
File identification
MD5 610d1b2e3001a4aaabf4a59280e94684
SHA1 c12066790885064386d256c0bf1f84d0e6e9f651
SHA256 0e354d769c76f1a3161c4f49791914d0ae4172c6efaeb60eb457e105f65d3e7a
ssdeep
786432:sVOqqsEiCD1Hgoy/HfFG5zEf2gg78vbmd2sYhQsNsOKUq1duXBaFeJdecYjqLkiT:qOlsmgoQ/FS78v1Nxki4FMd55LkiU+oS

authentihash afbf3f988ee83f685d7bd6b75b874c89a4140145d6073561aa78fd946dfe6d06
imphash 49091c5c46d1ed156931ed11f43d3afa
File size 47.7 MB ( 50061838 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe aspack upx overlay
VirusTotal metadata
First submission 2017-09-14 09:06:57 UTC ( 1 month ago )
Last submission 2017-10-18 20:58:18 UTC ( 1 day, 15 hours ago )
File names Easy2Boot_v1.95_DPMS.exe