SHA256: 183ee9cb06b2d7bbaa785dd140a2c3b9558db7adefd70c2a8b06e05bee8e1e76
File name: 2193.exe
Detection ratio: 10 / 63
Analysis date: 2017-09-14 08:17:07 UTC (1 year, 7 months ago)
Antivirus Result Update
AegisLab Troj.FakeAV.W32.SmartFortress2012.mfrs 20170914
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20170804
Cylance Unsafe 20170914
Endgame malicious (high confidence) 20170821
Qihoo-360 HEUR/QVM02.0.D59F.Malware.Gen 20170914
Rising Malware.Obscure!1.9C59 (classic) 20170914
SentinelOne (Static ML) static engine - malicious 20170806
Sophos AV Mal/Cerber-U 20170914
Symantec ML.Attribute.HighConfidence 20170914
TrendMicro-HouseCall Mal_Cerber-33 20170914
Ad-Aware 20170914
AhnLab-V3 20170914
Alibaba 20170911
ALYac 20170914
Antiy-AVL 20170914
Arcabit 20170914
Avast 20170914
AVG 20170914
Avira (no cloud) 20170914
AVware 20170914
Baidu 20170914
BitDefender 20170914
CAT-QuickHeal 20170914
ClamAV 20170914
CMC 20170914
Comodo 20170914
Cyren 20170914
DrWeb 20170914
Emsisoft 20170914
ESET-NOD32 20170914
F-Prot 20170914
F-Secure 20170914
Fortinet 20170914
GData 20170914
Ikarus 20170913
Sophos ML 20170914
Jiangmin 20170914
K7AntiVirus 20170914
K7GW 20170914
Kaspersky 20170914
Kingsoft 20170914
Malwarebytes 20170914
MAX 20170914
McAfee 20170914
McAfee-GW-Edition 20170914
Microsoft 20170914
eScan 20170914
NANO-Antivirus 20170914
nProtect 20170914
Palo Alto Networks (Known Signatures) 20170914
Panda 20170913
SUPERAntiSpyware 20170914
Symantec Mobile Insight 20170914
Tencent 20170914
TheHacker 20170911
TotalDefense 20170914
Trustlook 20170914
VBA32 20170913
VIPRE 20170914
ViRobot 20170914
Webroot 20170914
WhiteArmor 20170829
Yandex 20170908
Zillya 20170913
ZoneAlarm by Check Point 20170914
Zoner 20170914
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
PEiD InstallShield 2000
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-09-14 07:36:18
Entry Point 0x0002D050
Number of sections 5
PE sections
Overlays
MD5 adae7948fccbb516f31ac520fe3b133b
File type data
Offset 299008
Size 250880
Entropy 8.00
PE imports
GetLastError
HeapFree
GetStdHandle
EnterCriticalSection
LCMapStringW
SetHandleCount
FileTimeToSystemTime
CreateProcessW
WaitForSingleObject
GetOEMCP
QueryPerformanceCounter
HeapDestroy
HeapAlloc
IsBadWritePtr
TlsAlloc
FlushFileBuffers
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetEnvironmentStrings
GetFileType
GetLocaleInfoA
GetCurrentProcessId
UnhandledExceptionFilter
GetCPInfo
ExitProcess
TlsGetValue
MultiByteToWideChar
FreeEnvironmentStringsW
VirtualProtect
GetCommandLineA
GetProcAddress
GetStringTypeA
GetCurrentThread
SetStdHandle
SetFilePointer
CompareStringA
WideCharToMultiByte
SetEnvironmentVariableW
TlsFree
GetModuleHandleA
CompareStringW
InterlockedExchange
WriteFile
GetCurrentProcess
HeapValidate
CloseHandle
GetSystemTimeAsFileTime
GetThreadTimes
GetSystemInfo
GetACP
HeapReAlloc
GetStringTypeW
GetCurrentThreadId
SetEnvironmentVariableA
GetExitCodeProcess
TerminateProcess
LCMapStringA
InitializeCriticalSection
HeapCreate
VirtualQuery
VirtualFree
GetFileAttributesW
InterlockedDecrement
IsBadReadPtr
GetTickCount
TlsSetValue
CreateFileA
DebugBreak
OutputDebugStringA
InterlockedIncrement
VirtualAlloc
SetLastError
LeaveCriticalSection
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
FileTypeExtension exe
TimeStamp 2017:09:14 09:36:18+02:00
FileType Win32 EXE
PEType PE32
CodeSize 118784
LinkerVersion 7.1
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
EntryPoint 0x2d050
InitializedDataSize 32768
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
UninitializedDataSize 0

Compressed bundles
File identification
MD5 486a409826c9ef0c933fb2ec27793909
SHA1 afd4a87b8c5a82b7ad34a06faf2b6af993211096
SHA256 183ee9cb06b2d7bbaa785dd140a2c3b9558db7adefd70c2a8b06e05bee8e1e76
ssdeep 12288:MO7+d5FWD6jXfmz3vseyPdBx6CmOhQLs9yl:8d5FW+jPQfq6CRaR
authentihash e4245734eef836f7941f6b09e44d6bc44b801a17fbff41688f2ef3963c63a652
imphash bc2007c9f291a8f51c0c0c3bd8d12df9
File size 537.0 KB ( 549888 bytes )
File type Win32 EXE
Magic literal MS-DOS executable, MZ for MS-DOS
TrID Generic Win/DOS Executable (50.0%)
DOS Executable Generic (49.9%)
Tags peexe installshield overlay

VirusTotal metadata
First submission 2017-09-14 08:17:07 UTC ( 1 year, 7 months ago )
Last submission 2019-03-06 04:02:35 UTC ( 1 month, 2 weeks ago )
File names 567acdbdaec284b9ac103df6e479e9aff2073629
486a4098.gxe
HJGFjhece3.exe
2193.exe
HJGFjhece3.exe
GIFEigdbd2.tmp
GIFEigdbd2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs
UDP communications