× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1e4493dd056ae5517bfa0319f00121b674e3deec08f20364a50e7ee26bee6ffd
File name: cssextern.exe
Detection ratio: 0 / 56
Analysis date: 2015-05-30 11:20:04 UTC ( 2 years, 5 months ago ) View latest
Antivirus Result Update
Ad-Aware 20150530
AegisLab 20150530
Yandex 20150529
AhnLab-V3 20150530
Alibaba 20150530
ALYac 20150530
Antiy-AVL 20150530
Avast 20150530
AVG 20150530
Avira (no cloud) 20150530
AVware 20150530
Baidu-International 20150530
BitDefender 20150530
Bkav 20150529
ByteHero 20150530
CAT-QuickHeal 20150530
ClamAV 20150530
CMC 20150530
Comodo 20150530
Cyren 20150530
DrWeb 20150530
Emsisoft 20150530
ESET-NOD32 20150530
F-Prot 20150530
F-Secure 20150530
Fortinet 20150530
GData 20150530
Ikarus 20150530
Jiangmin 20150529
K7AntiVirus 20150530
K7GW 20150530
Kaspersky 20150530
Kingsoft 20150530
Malwarebytes 20150530
McAfee 20150530
McAfee-GW-Edition 20150529
Microsoft 20150530
eScan 20150530
NANO-Antivirus 20150530
nProtect 20150529
Panda 20150530
Qihoo-360 20150530
Rising 20150529
Sophos AV 20150530
SUPERAntiSpyware 20150530
Symantec 20150530
Tencent 20150530
TheHacker 20150529
TotalDefense 20150530
TrendMicro 20150530
TrendMicro-HouseCall 20150530
VBA32 20150529
VIPRE 20150530
ViRobot 20150530
Zillya 20150530
Zoner 20150526
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2015-05-27 16:21:31
Entry Point 0x00003EA6
Number of sections 5
PE sections
PE imports
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CreateSolidBrush
CreateToolhelp32Snapshot
IsProcessorFeaturePresent
WriteProcessMemory
Process32First
QueryPerformanceCounter
IsDebuggerPresent
EncodePointer
Process32Next
HeapSetInformation
GetCurrentProcess
GetCurrentProcessId
OpenProcess
Module32First
UnhandledExceptionFilter
GetStartupInfoW
ReadProcessMemory
InterlockedCompareExchange
InterlockedExchange
SetUnhandledExceptionFilter
CloseHandle
GetSystemTimeAsFileTime
Thread32Next
Thread32First
DecodePointer
Module32Next
TerminateProcess
Sleep
GetTickCount
GetCurrentThreadId
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?what@exception@std@@UBEPBDXZ
_acmdln
memset
__dllonexit
_stricmp
_controlfp_s
_invoke_watson
_fmode
_amsg_exit
_CIasin
?_type_info_dtor_internal_method@type_info@@QAEXXZ
??2@YAPAXI@Z
_lock
_onexit
exit
_XcptFilter
_commode
__setusermatherr
_initterm_e
_cexit
_CxxThrowException
_ismbblead
?terminate@@YAXXZ
_unlock
_crt_debugger_hook
??3@YAXPAX@Z
_itoa
_CIsqrt
__CxxFrameHandler3
_except_handler4_common
_CIatan
__getmainargs
memcpy
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
memmove
_CIpow
??0exception@std@@QAE@ABQBD@Z
_configthreadlocale
_initterm
_exit
__set_app_type
GetAsyncKeyState
CreateWindowExA
LoadCursorA
LoadIconA
FindWindowA
GetWindowRect
DispatchMessageA
SetLayeredWindowAttributes
TranslateMessage
SendInput
PeekMessageA
PostQuitMessage
DefWindowProcA
ShowWindow
SetWindowPos
RegisterClassExA
Direct3DCreate9Ex
D3DXCreateFontA
D3DXCreateLine
DwmExtendFrameIntoClientArea
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2015:05:27 17:21:31+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
13824

LinkerVersion
10.0

EntryPoint
0x3ea6

InitializedDataSize
7680

SubsystemVersion
5.1

ImageVersion
0.0

OSVersion
5.1

UninitializedDataSize
0

File identification
MD5 9cccb82c2b6ef4bfc7ed5c2dcfae729e
SHA1 5222a4118230cc44396c795cf34ce21b55f5e7e9
SHA256 1e4493dd056ae5517bfa0319f00121b674e3deec08f20364a50e7ee26bee6ffd
ssdeep
384:OPCCoectMjw9KWHBkqLFcKhl2d3WCQhBotGv4Ty4Z8knHVOgPGwihSoKemxG:IFoeUfMWhkqLF3yJ2B5vwW61Og+wK3/

authentihash c8765d764ae8d2591737915224b288363e6ceca6340f249b8bb73bfe7417b49f
imphash 28cf14b54a63be1878b8fb36542aafe0
File size 22.0 KB ( 22528 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2015-05-30 11:20:04 UTC ( 2 years, 5 months ago )
Last submission 2015-05-30 11:20:04 UTC ( 2 years, 5 months ago )
File names cssextern.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!