× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1b5b3d233393d76493b1c0519cef92492c3c0f0279d9755619a348a5f7b0fd2a
File name: imagetobmp_.exe
Detection ratio: 0 / 50
Analysis date: 2014-03-19 08:28:04 UTC ( 3 years, 3 months ago ) View latest
Antivirus Result Update
Ad-Aware 20140319
Yandex 20140318
AhnLab-V3 20140318
AntiVir 20140319
Antiy-AVL 20140319
Avast 20140319
AVG 20140317
Baidu-International 20140319
BitDefender 20140319
Bkav 20140318
ByteHero 20140319
CAT-QuickHeal 20140319
ClamAV 20140319
CMC 20140313
Commtouch 20140319
Comodo 20140319
DrWeb 20140319
Emsisoft 20140319
ESET-NOD32 20140319
F-Prot 20140319
F-Secure 20140319
Fortinet 20140319
GData 20140319
Ikarus 20140319
Jiangmin 20140319
K7AntiVirus 20140318
K7GW 20140318
Kaspersky 20140319
Kingsoft 20140319
Malwarebytes 20140319
McAfee 20140319
McAfee-GW-Edition 20140319
Microsoft 20140319
eScan 20140319
NANO-Antivirus 20140319
Norman 20140318
nProtect 20140318
Panda 20140318
Qihoo-360 20140319
Rising 20140318
Sophos 20140319
SUPERAntiSpyware 20140319
Symantec 20140319
TheHacker 20140314
TotalDefense 20140319
TrendMicro 20140319
TrendMicro-HouseCall 20140319
VBA32 20140318
VIPRE 20140319
ViRobot 20140319
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2014

Product imagetobmp
Original name imagetobmp.exe
Internal name imagetobmp.exe
File version 1.0.0.0
Description imagetobmp
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-03-16 20:37:42
Entry Point 0x00006C36
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 6
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 9
PE resources
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

UninitializedDataSize
0

LanguageCode
Neutral

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
12800

FileOS
Win32

MIMEType
application/octet-stream

LegalCopyright
Copyright 2014

FileVersion
1.0.0.0

TimeStamp
2014:03:16 21:37:42+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
imagetobmp.exe

FileAccessDate
2014:06:06 09:39:43+01:00

ProductVersion
1.0.0.0

FileDescription
imagetobmp

OSVersion
4.0

FileCreateDate
2014:06:06 09:39:43+01:00

OriginalFilename
imagetobmp.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
19968

ProductName
imagetobmp

ProductVersionNumber
1.0.0.0

EntryPoint
0x6c36

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 9eee1a103d38b1085f0cfb0b74317b6a
SHA1 1c0d6091e55f83eda99d30d46f9676cb37ff2854
SHA256 1b5b3d233393d76493b1c0519cef92492c3c0f0279d9755619a348a5f7b0fd2a
ssdeep
384:Bzucj30Iz1xieD0x0Tl7UddJkS9SLvBU0PJa9JKWe5eZlgdfWYphfQA:tuaj1okhGbwvb42Q0

imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 32.5 KB ( 33280 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (56.7%)
Win64 Executable (generic) (21.4%)
Windows Screen Saver (10.1%)
Win32 Dynamic Link Library (generic) (5.0%)
Win32 Executable (generic) (3.4%)
Tags
peexe assembly

VirusTotal metadata
First submission 2014-03-19 08:28:04 UTC ( 3 years, 3 months ago )
Last submission 2014-06-06 08:37:10 UTC ( 3 years ago )
File names imagetobmp.exe
imagetobmp.exe
imagetobmp_.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications